Microsoft Entra Workload Identities Service Brings New Features for Securing Apps and Services
Microsoft has released some important updates for its Microsoft Entra workload identities service. The new capabilities are designed to protect workload identities that are vulnerable to security threats such as consent-phishing attacks.
Workload identities are non-human identities (for workloads such as virtual machines and containers) that allow an application or a service principal to access a resource. Microsoft has recently rebranded its existing identity and access management solutions as Microsoft Entra. This product family also comes with a new workload identities service that is currently available in public preview.
“They can have access to a company’s most sensitive resources, and can be an attack surface interesting to bad actors – a channel to cause damage or increase susceptibility. Tactics such as consent-phishing can introduce bad apps into organizations, and breached credentials can allow attackers to abuse existing applications and services,” said Ilana Smith, Group Product Manager for Azure Active Directory.
First up, Microsoft is introducing Conditional Access support for workload identities. Up until now, it was only possible to apply conditional access policies to users who wanted to access any apps and services. The feature will enable IT admins to configure policies that specify the conditions that allow a workload to access any resource.
The Redmond giant has also started rolling out new Identity Protection capabilities that allow organizations to detect and block risky workload identities, based on risk signals such as leaked credentials and suspicious sign-ins. With this release, IT Pros can now protect applications, managed identities, and service principals in their environments.
Finally, the Azure AD Access Review feature helps organizations perform a periodic review of highly privileged access to applications and service principals. IT teams can set up and run access reviews from the Azure management portal, and you can find more details on this support page.
Microsoft to release new Workload Identities update later this year
Microsoft is also working on a new feature that will allow customers to understand their “workload identity population” in a better way. Additionally, it will let IT admins remove inactive identities that have not been used recently within enterprise networks. This new set of capabilities should help reduce the organization’s attack surface and will be available later this year.