Forum Discussion
bglmarks
Jan 29, 2021 · Copper Contributor
Security App Registrations
Hello, I am reaching out to see what people are doing around security app registrations. We've been working with our Dev teams, and have come across this app registration that's highly secure. Our devel...
bglmarks
Jan 29, 2021 · Copper Contributor
cpateman Thank you for your response. Once you have the keyvault and the secret stored within it, how do you then secure the keyvault? As long as the developer has access to the keyvault, couldn't they programmatically get access to that from anywhere? Is there a way to keep the keyvault behind Conditional Access so that it is only accessible internally?
Thijs Lecomte
Feb 01, 2021 · Bronze Contributor
There is no way to integrate Service Principals with Conditional Access. You can, however, monitor sign-ins to make sure that the service principals aren't used from an unknown IP.
Check this out for an example: https://thecollective.eu/blog/monitoring-service-principals-with-watchlists-in-azure-sentinel/
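
The monitoring idea from the reply above, run offline as an added example (not code from the thread or from the linked blog post): it compares service principal sign-in records against a per-principal list of expected IP ranges. The record field names, principal IDs, IP ranges and log lines are constructed assumptions.

```python
import ipaddress
import json

# Constructed allowlist standing in for a watchlist: service principal ID -> expected CIDRs.
ALLOWED = {
    "11111111-1111-1111-1111-111111111111": ["203.0.113.0/24", "2001:db8:10::/48"],
    "22222222-2222-2222-2222-222222222222": ["198.51.100.7/32"],
}

# Constructed sign-in records, one JSON object per line (field names are assumptions).
SAMPLE_LOG = """
{"createdDateTime": "2021-02-01T08:00:00Z", "servicePrincipalId": "11111111-1111-1111-1111-111111111111", "servicePrincipalName": "build-agent", "ipAddress": "203.0.113.25"}
{"createdDateTime": "2021-02-01T08:05:00Z", "servicePrincipalId": "11111111-1111-1111-1111-111111111111", "servicePrincipalName": "build-agent", "ipAddress": "192.0.2.44"}
{"createdDateTime": "2021-02-01T08:10:00Z", "servicePrincipalId": "11111111-1111-1111-1111-111111111111", "servicePrincipalName": "build-agent", "ipAddress": "2001:db8:10::5"}
{"createdDateTime": "2021-02-01T09:00:00Z", "servicePrincipalId": "22222222-2222-2222-2222-222222222222", "servicePrincipalName": "backup-job", "ipAddress": "198.51.100.8"}
{"createdDateTime": "2021-02-01T09:30:00Z", "servicePrincipalId": "33333333-3333-3333-3333-333333333333", "servicePrincipalName": "unlisted-app", "ipAddress": "203.0.113.25"}
{"createdDateTime": "2021-02-01T09:45:00Z", "servicePrincipalId": "22222222-2222-2222-2222-222222222222", "servicePrincipalName": "backup-job", "ipAddress": ""}
"""


def classify(record, allowed=ALLOWED):
    """Return None for an expected sign-in, otherwise a short reason string."""
    ranges = allowed.get(record.get("servicePrincipalId"))
    if ranges is None:
        return "principal-not-in-allowlist"  # new or unreviewed principal
    try:
        ip = ipaddress.ip_address(str(record.get("ipAddress", "")))
    except ValueError:
        return "unparseable-ip"  # surface it instead of silently passing
    # Membership is False when address and network differ in IP version.
    if any(ip in ipaddress.ip_network(cidr) for cidr in ranges):
        return None
    return "ip-outside-allowlist"


def find_unexpected(log_text, allowed=ALLOWED):
    """Return (time, principal name, ip, reason) for every sign-in that needs review."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        reason = classify(rec, allowed)
        if reason:
            findings.append((rec.get("createdDateTime"), rec.get("servicePrincipalName"),
                             rec.get("ipAddress"), reason))
    return findings


if __name__ == "__main__":
    for finding in find_unexpected(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Principals missing from the allowlist and records with an empty or malformed address are reported rather than skipped, so a gap in the list does not hide a sign-in.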