Discover & analyze privileged usage for Workload Identities (e.g., scripts)

Implementation Effort: High – Requires coordinated efforts across IT, security, and application teams to audit, assess, and reassign permissions for workload identities, often involving multiple systems and stakeholders.

User Impact: Low – These changes are administrative and do not directly affect end-user operations or require user intervention.

Overview

Discovering and analyzing privileged usage for workload identities involves creating a comprehensive inventory of non-human identities, such as service accounts, service principals, managed identities, and federated workload identities. This inventory should include user accounts used non-interactively, which are typically a risk due to unrotated passwords and exemptions from Conditional Access controls. By identifying and cataloging these identities, organizations can assess their privilege levels and usage patterns.

It also aligns with "Use least privilege access" by enabling the reassignment of excessive permissions to least privileged roles. Failure to perform this analysis can result in over-permissioned identities, increasing the risk of unauthorized access and potential breaches.

Reference

• Workload identities - Microsoft Entra Workload ID
• Securing workload identities with Microsoft Entra ID Protection
• Access activity logs in Microsoft Entra ID
• Frequently asked questions about Microsoft Entra Workload ID