
070: Roll out strong auth credentials for Workload Identities

Overview

Use Azure Managed Identities and certificates for cloud workload identities. Organizations should establish a pattern where workload identities and automation credentials use one of the options below:

  • Managed identity
  • Certificate
  • Federated workload identity

Customers should avoid using the weakest option:

  • Client secret

Use of client secrets should require an exception, since it should be treated as a violation of normal security requirements.
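One way to check where this pattern is not yet met, as an added example that is not part of the original page or any Microsoft tooling: it classifies exported application objects by credential type and lists those still holding a usable client secret. The `passwordCredentials` and `keyCredentials` fields follow the Microsoft Graph `application` resource; the sample data, the merged `federatedIdentityCredentials` key and the `approved_exceptions` set are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample shaped like Microsoft Graph `application` objects. Assumption: the
# export step merged each app's federated credentials in under "federatedIdentityCredentials".
SAMPLE_APPS = [
    {"displayName": "build-pipeline", "appId": "00000000-0000-0000-0000-000000000001",
     "passwordCredentials": [], "keyCredentials": [],
     "federatedIdentityCredentials": [{"name": "ci-main"}]},
    {"displayName": "report-job", "appId": "00000000-0000-0000-0000-000000000002",
     "passwordCredentials": [],
     "keyCredentials": [{"type": "AsymmetricX509Cert", "endDateTime": "2030-01-01T00:00:00Z"}]},
    {"displayName": "legacy-sync", "appId": "00000000-0000-0000-0000-000000000003",
     "passwordCredentials": [{"displayName": "prod", "endDateTime": "2030-06-01T00:00:00Z"}],
     "keyCredentials": []},
    {"displayName": "mixed-app", "appId": "00000000-0000-0000-0000-000000000004",
     "passwordCredentials": [{"displayName": "old", "endDateTime": "2020-01-01T00:00:00Z"},
                             {"displayName": "new", "endDateTime": "2030-06-01T00:00:00Z"}],
     "keyCredentials": [{"type": "AsymmetricX509Cert", "endDateTime": "2030-01-01T00:00:00Z"}]},
]

def credential_types(app):
    """Return the set of credential kinds configured on one application."""
    kinds = {"client_secret": "passwordCredentials", "certificate": "keyCredentials",
             "federated": "federatedIdentityCredentials"}
    return {kind for kind, field in kinds.items() if app.get(field)}

def _unexpired(cred, now):
    end = cred.get("endDateTime")
    if not end:
        return True  # no expiry recorded: treat the secret as still usable
    return datetime.fromisoformat(end.replace("Z", "+00:00")) > now

def audit_client_secrets(apps, approved_exceptions=frozenset(), now=None):
    """List apps that still hold a usable client secret, with exception status."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for app in apps:
        active = [c for c in app.get("passwordCredentials") or [] if _unexpired(c, now)]
        if not active:
            continue
        # A certificate next to a secret does not help: the secret still authenticates.
        findings.append({"app": app["displayName"], "appId": app["appId"],
                         "active_secrets": len(active),
                         "also_has": sorted(credential_types(app) - {"client_secret"}),
                         "exception_on_file": app["appId"] in approved_exceptions})
    return findings

if __name__ == "__main__":
    print(*audit_client_secrets(SAMPLE_APPS), sep="\n")
```

Managed identities do not appear in this listing because they are service principals rather than app registrations and carry no customer-managed credential.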

Reference