Protecting Application and Service Principal Permissions in Azure AD

OVERVIEW

Do you know what your service principals are doing? Service principals represent non-human accounts in Azure AD. They’re a big improvement over the on-premises service account model, but the permissions they are granted can introduce new risks. In this talk we’ll explain the threats to the permission consent model posed by app sprawl and malicious actors. We’ll show you how to discover what apps are in your environment and how to understand the risk associated with those apps.

Key topics we’ll cover include:

  • Understanding the service principal and application directory objects
  • Evaluating the impact and blast radius of permissions
  • Delegated (on behalf of a user) and application (without a user) permissions
  • Identifying threats to your applications and service principals
  • Managing requests from app developers

Based on our experience implementing an application permission security assessment model across Microsoft’s internal IT environment, we’ll share lessons learned, gotchas, and product features that can help you manage the security of service principals and applications in your Azure AD tenant.

Presented By

ERIC HALL
Principal Security Architect, Microsoft