Workload Identity

In this blog post I will explain what Workload Identities are and how to secure them (yes, they need to be secured).
Workload Identity Federation will be covered in a future blog post.

What are Workload Identities?

A workload identity is an identity used by software workloads such as applications, services, scripts or even containers.
It is used to authenticate and access resources in Azure, as well as other resources protected by Microsoft Entra (for example Microsoft Graph).
In Microsoft Entra, Workload Identities are applications, service principals and managed identities.
Managed Identities are a special type of service principal whose credentials are managed by the Azure platform, which eliminates the need to store and rotate secrets yourself.
In general there are two types of identities: human identities and non-human identities.
Non-human identities are further divided into workload identities and device identities.
Workload Identities, as the name already tells, represent workloads such as software, while device identities represent machines such as desktops, smartphones and so on.

Securing WIs?

Hmm… not only human identities should be secured, but also non-human ones.
Most solutions on the market, however, focus on securing just the human identities.
So here are a few possibilities to secure your non-human identities in Microsoft Entra.

  • Apply CAPs (Conditional Access Policies) to service principals using Conditional Access for workload identities, for example to block sign-ins from outside your trusted named locations. Note that this requires Microsoft Entra Workload ID Premium licenses and only targets single-tenant service principals registered in your tenant; managed identities and multi-tenant apps from other tenants are not covered.
  • Enable real-time enforcement of Conditional Access location and risk policies through Continuous Access Evaluation (CAE) for workload identities, so that a policy violation revokes an already issued token instead of waiting for the token to expire
  • Manage custom security attributes for an app (service principal) and use them as a filter in Conditional Access policies, so policies can target service principals by attribute instead of by listing object IDs
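As an added example (not from the original post), the following Microsoft Graph PowerShell script ties the three points above together: it tags a service principal with a custom security attribute and then creates a Conditional Access policy for workload identities that blocks all tagged service principals from untrusted locations. The attribute set "Workload" and attribute "Criticality", the policy name and the `$spId` placeholder are assumptions for illustration; the cmdlets, scopes and policy schema are the ones Microsoft Graph PowerShell exposes.

```powershell
# Added example, not code from the original post.
# Assumptions (not from the post): the custom security attribute set "Workload" with the
# attribute "Criticality" already exists, the signed-in account holds the Attribute Assignment
# Administrator and Conditional Access Administrator roles, the tenant is licensed for
# Microsoft Entra Workload ID Premium, and $spId is replaced with a real service principal object ID.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess",
                        "CustomSecAttributeAssignment.ReadWrite.All",
                        "Application.Read.All"

# 1) Tag the service principal so policies can target it by attribute instead of object ID.
$spId = "<service-principal-object-id>"   # placeholder, replace before running
$attributes = @{
    customSecurityAttributes = @{
        Workload = @{
            "@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue"
            Criticality   = "High"
        }
    }
}
Update-MgServicePrincipal -ServicePrincipalId $spId -BodyParameter $attributes

# 2) Conditional Access policy for workload identities: block every single-tenant service
#    principal tagged Criticality = High when it authenticates from outside trusted named locations.
$policy = @{
    displayName = "WI - Block high-criticality service principals from untrusted locations"
    # Start in report-only mode, review the sign-in logs, then switch to "enabled".
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        applications       = @{ includeApplications = @("All") }
        # A workload identity policy targets service principals, so no users are in scope.
        users              = @{ includeUsers = @("None") }
        clientApplications = @{
            includeServicePrincipals = @("ServicePrincipalsInMyTenant")
            servicePrincipalFilter   = @{
                mode = "include"
                rule = 'CustomSecurityAttribute.Workload_Criticality -eq "High"'
            }
        }
        locations          = @{
            includeLocations = @("All")
            excludeLocations = @("AllTrusted")   # your trusted named locations stay allowed
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# 3) Verify: list the policies that carry a clientApplications condition, i.e. the workload
#    identity policies, together with their state.
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.Conditions.ClientApplications.IncludeServicePrincipals } |
    Select-Object DisplayName, State
```

Keep the policy in report-only mode first and check the "Report-only" result in the service principal sign-in logs; a wrongly scoped block policy for workload identities takes down automation rather than locking out a person who can call the help desk.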

The author

Mika

Engineer | Blogger | Evangelist

© 2024 Created with ❤ by Mika Kreienbühl