Demystify Azure AD workload identities

"Identities of apps and services (workloads) are gaining privileged access and are used on a wide scale (especially in DevOps or large high-automated environments). Attack techniques (for example, in case of NOBELIUM attacks) has shown that service principals will be used for initial and persistent access (to create a ""backdoor"" in Azure AD). Securing credentials, limit and detecting suspicious access or managing lifecycle of workload identities can be a challenge. Security concepts of privileged user account can not be (fully) applied to non-human identities and would be limited applicable. Strictly monitoring and classification of this types of identities are often neglected in the past. In this session, I like to give an overview about the different types of workload identities, common (sensitive) use cases and how attacks or abuse can be mitigated of the different phases in the lifecycle." Time: 15:30 - 16:20