Entra ID Application Deployment: Two Identities #shorts
About this talk
Deploying an application in Entra ID creates two identities, not one. The app registration defines scopes, while the service principal grants resource access. Understand the difference for secure deployments. #bsidesfrankfurt #bsides #bsidesfra #TomerNahum #JonathanElkabas #Semperis
Show transcript [en]
Whenever you uh deploying an application in your enter ID environment, you're basically creating two identities, not one but two. Okay. Um the first thing is the application registration which is an identity that have all the all the scope uh defined in it all the blueprint of the application all the redirect URIs in it. uh but it's not the security principle meaning it's it's not it's not the right uh principle that get access to uh all the resources. This is the service principle itself. So the application registration define all the scopes and all the blueprint regarding this the identity but the security identity behind the scene is the service principles.
Related talks
0:38Microsoft Security: Safe PC or Password Risk? #shorts
BSides Frankfurt
0:41IP Geolocation Inaccuracy: Understanding Network Routing #shorts
BSides Frankfurt
0:18Vibe Coding Explained: Simple Rules for Secure Programs #shorts
BSides Frankfurt
0:22Microsoft Shared Folder Error 1272: Security Policy Explained #shorts
BSides Frankfurt
0:25Impossible Game Bot: The Ultimate Training Data Challenge #shorts
BSides Frankfurt
1:22Microsoft Share Error: Security Policies & Honeypot Gold! #shorts
BSides Frankfurt