TL;DR: Accelerated AI adoption is expanding non-human identity sprawl across hybrid environments while many teams still lack the guardrails to govern existing Entra ID workload identities, from app registrations and service principals to secrets, certificates, managed identities, and federated credentials, according to Semperis. The governance problem is no longer theoretical: workload identity controls are becoming the baseline for AI-era identity security, and inherited permissions plus lifecycle blind spots will only raise the blast radius.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- Only 5.7% of organisations have full visibility into their service accounts.
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
Questions worth separating out
Q: How should security teams govern Entra ID workload identities in hybrid environments?
A: Start by inventorying app registrations, service principals, credential types, and owners as separate governance objects.
Q: Why do workload identities create a different risk profile from human accounts?
A: Workload identities authenticate without human presence, often use long-lived credentials, and are frequently delegated across teams and pipelines.
Practitioner guidance
- Separate identity objects from runtime identities: Maintain distinct inventories for app registrations and service principals so reviews target the tenant-scoped identity that actually carries permissions and credentials.
- Reduce static credential dependence: Replace long-lived secrets where possible with managed identities or federated credentials, and ensure secrets that remain are rotated, scoped, and offboarded with the workload.
- Constrain delegated ownership: Use custom roles and app management policies to limit who can create credentials, grant access, or alter workload settings in Entra ID.
What to expect at the briefing
Semperis's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step walkthrough of Entra ID workload identity types, including app registrations, service principals, and credential choices.
- Demo-level guidance on guardrails for delegated management, app management policies, and custom roles.
- Practitioner examples showing how Microsoft Defender and XDR support inventory, visibility, and threat hunting.
- Conference context for the HIP Conf Europe session and the practitioners presenting the controls in practice.
👉 Read Semperis's analysis of Entra ID workload identity security for AI-era environments →
Entra ID workload identities and AI agents: are your controls ready?
Explore further
Workload identity governance is now a baseline identity control, not a cloud add-on. Entra ID workload identities sit inside the same identity fabric as human access, but they behave like NHI assets with their own owners, credentials, and lifecycle failure modes. That means IAM teams cannot treat them as a side category managed only by platform engineers. The practical conclusion is that workload identity inventory, ownership, and credential policy belong inside the core identity programme.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- Our research also shows that 71% of NHIs are not rotated within recommended time frames, which keeps exposure active far longer than most teams assume.
A question worth separating out:
Q: Who is accountable when delegated workload identity ownership drifts over time?
A: Accountability should sit with the business and technical owner of the workload, but identity and security teams must enforce the process. If ownership changes without a matching offboarding or recertification event, the identity programme has failed to track the actual control owner. That is a governance failure, not only an operational oversight.
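The practitioner guidance above (separate inventories for app registrations and service principals, static credential review, ownership) and the rotation and ownership-drift points in this section can be turned into a repeatable inventory check. The script below is an added example written for this post, not Semperis's or NHIMG's code. It runs over constructed sample objects whose field names follow the Microsoft Graph `application` and `servicePrincipal` schemas (`appId`, `passwordCredentials`, `keyCredentials`, `servicePrincipalType`); the `owners` and `federatedIdentityCredentials` lists are normally separate Graph relationships and are flattened here for the example, and the 180-day and 30-day thresholds are assumed policy values, not figures from the article.

```python
from datetime import datetime, timedelta, timezone

# Policy thresholds: assumed values for this example, not figures from the page.
MAX_SECRET_LIFETIME_DAYS = 180   # longest acceptable validity window for a client secret/cert
ROTATION_WARN_DAYS = 30          # flag credentials that expire within this window

# Fixed "now" so the output is reproducible offline.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)

# Constructed sample objects shaped like Graph application / servicePrincipal records.
APPLICATIONS = [
    {"id": "obj-app-1", "appId": "aaaaaaaa-0000-0000-0000-000000000001",
     "displayName": "invoice-ingest", "owners": ["alice@example.com"],
     "passwordCredentials": [{"keyId": "k-1", "displayName": "ci-secret",
                              "startDateTime": "2023-01-01T00:00:00Z",
                              "endDateTime": "2026-01-01T00:00:00Z"}],
     "keyCredentials": [], "federatedIdentityCredentials": []},
    {"id": "obj-app-2", "appId": "aaaaaaaa-0000-0000-0000-000000000002",
     "displayName": "legacy-sync", "owners": [],          # nobody accountable
     "passwordCredentials": [{"keyId": "k-2", "displayName": "sync-secret",
                              "startDateTime": "2025-01-15T00:00:00Z",
                              "endDateTime": "2025-06-10T00:00:00Z"}],
     "keyCredentials": [], "federatedIdentityCredentials": []},
    {"id": "obj-app-3", "appId": "aaaaaaaa-0000-0000-0000-000000000003",
     "displayName": "build-pipeline", "owners": ["platform-team@example.com"],
     "passwordCredentials": [], "keyCredentials": [],
     "federatedIdentityCredentials": [{"name": "github-main",
                                      "issuer": "https://token.actions.githubusercontent.com",
                                      "subject": "repo:example/build:ref:refs/heads/main"}]},
]
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "appId": "aaaaaaaa-0000-0000-0000-000000000001",
     "servicePrincipalType": "Application", "passwordCredentials": []},
    {"id": "sp-2", "appId": "aaaaaaaa-0000-0000-0000-000000000002",
     "servicePrincipalType": "Application",
     # secret added directly on the service principal; not visible on the app registration
     "passwordCredentials": [{"keyId": "k-sp-2", "displayName": "sp-only-secret",
                              "startDateTime": "2024-01-01T00:00:00Z",
                              "endDateTime": "2025-01-01T00:00:00Z"}]},
    {"id": "sp-3", "appId": "aaaaaaaa-0000-0000-0000-000000000003",
     "servicePrincipalType": "Application", "passwordCredentials": []},
    {"id": "sp-4", "appId": "bbbbbbbb-0000-0000-0000-000000000099",
     "servicePrincipalType": "Application", "passwordCredentials": []},
    {"id": "sp-mi", "appId": "cccccccc-0000-0000-0000-000000000005",
     "servicePrincipalType": "ManagedIdentity", "passwordCredentials": []},
]


def parse_ts(value):
    """Parse a Graph ISO-8601 timestamp ending in Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def credential_findings(creds, now=NOW):
    """Lifecycle findings for a list of password/key credentials."""
    findings = []
    for cred in creds:
        start, end = parse_ts(cred["startDateTime"]), parse_ts(cred["endDateTime"])
        label = cred.get("displayName") or cred["keyId"]
        if end <= now:
            findings.append(f"expired:{label}")
        elif end - now <= timedelta(days=ROTATION_WARN_DAYS):
            findings.append(f"expiring_soon:{label}")
        if end - start > timedelta(days=MAX_SECRET_LIFETIME_DAYS):
            findings.append(f"long_lived:{label}")
    return findings


def build_inventory(apps=APPLICATIONS, sps=SERVICE_PRINCIPALS, now=NOW):
    """Keep app registrations and service principals as separate review objects,
    joined on appId, attaching each finding to the object that carries the risk."""
    apps_by_appid = {a["appId"]: a for a in apps}
    inventory = {}
    for app in apps:
        f = credential_findings(app["passwordCredentials"] + app["keyCredentials"], now)
        if not app["owners"]:
            f.append("no_owner")
        if not (app["passwordCredentials"] or app["keyCredentials"]
                or app["federatedIdentityCredentials"]):
            f.append("no_credential")          # possibly dormant: review for removal
        inventory[("application", app["id"])] = f
    for sp in sps:
        f = credential_findings(sp.get("passwordCredentials", []), now)
        if sp.get("passwordCredentials"):
            f.append("sp_local_credential")    # only seen when the SP itself is reviewed
        if sp["servicePrincipalType"] == "ManagedIdentity":
            f.append("managed_identity")       # platform-rotated; no secret to govern
        elif sp["appId"] not in apps_by_appid:
            f.append("external_app")           # no registration here; the SP is the only object
        inventory[("servicePrincipal", sp["id"])] = f
    return inventory


def prioritised(inventory):
    """Identities with at least one actionable finding, worst first."""
    severity = {"expired": 3, "no_owner": 3, "sp_local_credential": 2, "long_lived": 2,
                "expiring_soon": 1, "external_app": 1, "no_credential": 1}
    rows = []
    for (kind, oid), findings in inventory.items():
        score = max((severity.get(f.split(":")[0], 0) for f in findings), default=0)
        if score:
            rows.append((score, kind, oid, findings))
    return sorted(rows, reverse=True)


if __name__ == "__main__":
    for score, kind, oid, findings in prioritised(build_inventory()):
        print(f"[{score}] {kind}/{oid}: {', '.join(findings)}")
```

The point of joining on `appId` rather than merging the two object types is that the service principal in the sample carries an expired secret the app registration never shows, and the service principal with no registration in the tenant has no app-side review path at all; both would be missed by an inventory that lists registrations only. The owner check is what turns the ownership-drift question into a measurable condition: an identity with an empty owner list has no one to recertify it.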
👉 Read our full editorial: Entra ID workload identity governance before AI agents increase risk