069: Discover & analyze privileged usage for Workload Identities (e.g. scripts)
Overview
Create an inventory of non-human identities (e.g. service accounts, or accounts that run scripts or scheduled tasks). This inventory should include several different object types:
- User principals that are used non-interactively. These are typically a risk because their passwords are not rotated and they are exempted from many Conditional Access controls.
- Service principals / Enterprise Applications
- Managed Identities
- Federated workload identities
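One way to sort exported directory objects into these four buckets, as an added example that is not part of the original check. It assumes the objects were exported from Microsoft Graph (users with `signInActivity`, service principals, and applications with their federated identity credentials attached); the `classify` helper, the 90-day window and the sample tenant data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like Microsoft Graph objects (not real tenant data).
# Assumption: each application's federatedIdentityCredentials were fetched and attached.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = {
    "users": [
        {"userPrincipalName": "svc-backup@contoso.example",
         "passwordPolicies": "DisablePasswordExpiration",
         "lastPasswordChangeDateTime": "2021-03-01T00:00:00Z",
         "signInActivity": {"lastSignInDateTime": None,
                            "lastNonInteractiveSignInDateTime": "2024-05-30T02:00:00Z"}},
        {"userPrincipalName": "alice@contoso.example", "passwordPolicies": None,
         "signInActivity": {"lastSignInDateTime": "2024-05-29T08:00:00Z",
                            "lastNonInteractiveSignInDateTime": "2024-05-30T09:00:00Z"}}],
    "servicePrincipals": [
        {"displayName": "vm-patching", "appId": "a1", "servicePrincipalType": "ManagedIdentity"},
        {"displayName": "ci-deployer", "appId": "a2", "servicePrincipalType": "Application"},
        {"displayName": "report-export", "appId": "a3", "servicePrincipalType": "Application"}],
    "applications": [
        {"appId": "a2", "federatedIdentityCredentials": [
            {"subject": "repo:example-org/example-repo:ref:refs/heads/main"}]}],
}

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def classify(export, now, stale_days=90):
    """Map each identity name to (category, notes) for the four inventory buckets."""
    cutoff, inventory = now - timedelta(days=stale_days), {}
    for u in export["users"]:
        act = u.get("signInActivity") or {}
        interactive = _ts(act.get("lastSignInDateTime"))
        background = _ts(act.get("lastNonInteractiveSignInDateTime"))
        # Assumed heuristic: recent non-interactive use, no recent interactive sign-in.
        if background and background >= cutoff and (not interactive or interactive < cutoff):
            changed, notes = _ts(u.get("lastPasswordChangeDateTime")), []
            if changed and changed < now - timedelta(days=365):
                notes.append("password older than 1 year")
            if "DisablePasswordExpiration" in (u.get("passwordPolicies") or ""):
                notes.append("password never expires")
            inventory[u["userPrincipalName"]] = ("non-interactive user", notes)
    fed = {a["appId"]: [c["subject"] for c in a["federatedIdentityCredentials"]]
           for a in export["applications"] if a.get("federatedIdentityCredentials")}
    for sp in export["servicePrincipals"]:
        kind = ("managed identity" if sp["servicePrincipalType"] == "ManagedIdentity"
                else "federated workload identity" if sp["appId"] in fed else "service principal")
        inventory[sp["displayName"]] = (kind, fed.get(sp["appId"], []))
    return inventory
```

The user heuristic only produces candidates for review; confirm each one with its owner before treating it as a service account.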