064: Discover & remediate existing over-privileged Workload Identities

Overview

Based on business requirements, re-assign workload identities/system accounts that hold excessive permissions to least-privileged roles. Your organization should formulate a strategy for discovering which privileged roles are held in your organization, including roles that are critical to your business processes. Over-permissioning of those roles should be reduced manually or with the aid of tooling such as a Cloud Infrastructure Entitlement Management (CIEM) tool.

This process should be applied to user principals, service principals, and groups to ensure that all assignment types are least privileged.

Reference