Forum Discussion
bglmarks
Jan 29, 2021 Copper Contributor
Security App Registrations
Hello, I am reaching out to see what people are doing around security app registrations. We've been working with our Dev teams, and have come across this app registration that's highly secure. Our devel...
cpateman
Jan 29, 2021 Copper Contributor
Hello bglmarks,
I am using this type of flow.
I think your concerns are controlled by permissions.
You should have Active Directory permissions on your Azure Portal users to restrict who can create the App Registrations.
Then once you have generated the App Registration plus the Client Secret, you need to secure these somewhere safe, like an encrypted database or, better, Azure Key Vault.
You would then also want to limit what the Client can do to make sure it cannot create or destroy everything.
For example, only the Admin in our AD can create the App Reg, so I can't create them. The Service Principal only has read access to a certain Subscription. The details are then saved securely for use, so we cannot read them while using them in the code.
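The following is an added example, not part of the thread or any poster's code: one way to check that service principals hold nothing beyond read access to a single subscription, as the reply above describes. It audits JSON in the shape produced by `az role assignment list --all -o json`; the sample records, subscription ID, principal names and the `audit` helper are constructed for illustration.

```python
import json

# Constructed sample shaped like `az role assignment list --all -o json` output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"  # constructed ID
SAMPLE = json.loads("""[
 {"principalName": "app-reader", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
 {"principalName": "app-rg", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg1"},
 {"principalName": "app-deploy", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
 {"principalName": "app-wide", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Reader",
  "scope": "/providers/Microsoft.Management/managementGroups/mg-root"},
 {"principalName": "alice@example.com", "principalType": "User",
  "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"}
]""")

ALLOWED_ROLES = {"Reader"}  # assumption: read-only is the intended ceiling


def audit(assignments, allowed_scope=SUB, allowed_roles=ALLOWED_ROLES):
    """Return (principalName, [reasons]) for each over-privileged service principal."""
    base = allowed_scope.rstrip("/").lower()
    findings = []
    for a in assignments:
        if a.get("principalType") != "ServicePrincipal":
            continue  # users and groups are out of scope for this check
        reasons = []
        role = a.get("roleDefinitionName", "")
        if role not in allowed_roles:
            reasons.append(f"role '{role}' is not read-only")
        scope = a.get("scope", "").rstrip("/").lower()
        # Accept the allowed subscription itself or anything beneath it.
        if not (scope == base or scope.startswith(base + "/")):
            reasons.append(f"scope '{a.get('scope')}' is outside the allowed subscription")
        if reasons:
            findings.append((a.get("principalName"), reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE):
        print(f"{name}: {'; '.join(reasons)}")
```
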