Microsoft Entra Blog

Microsoft Entra Workload Identities now generally available

Ilana Smith
Nov 28, 2022

As the growth of cloud continues, more workloads are moving to the cloud and new enterprise software solutions are being deployed natively in the cloud. This has resulted in massive growth in identities for workloads and an explosion of access permissions that tie these identities to sensitive data and resources. Organizations and security providers have focused on human identity security, so the access control and security capabilities available for managing these emerging identities are limited. This is putting increased pressure on identity security professionals.

 

Zero Trust is all about ensuring that everyone (and everything) is continuously authenticated and authorized. As new entities like workloads enter organizations’ environments, those entities have to be factored into the Zero Trust strategy. This is why we’ve expanded the identity types we support into workloads as part of our mission to support everyone and everything.

 

Today, we’re thrilled to announce the general availability (GA) of Microsoft Entra Workload Identities as the new member of the Microsoft Entra portfolio. Microsoft Entra Workload Identities is available today as a standalone solution, priced at $3 per workload identity, per month.

 

Extending advanced capabilities to non-human identities 

In Microsoft Entra, the number of workload identities has more than tripled since 2019. A study conducted this year by Evalueserve found that 68 percent of workloads have access to sensitive data and assets. However, both organizations and security providers have often constrained their focus to human identity security. As security for human identities continues to improve, recent cyberattacks have started targeting workload identities as an entry point into their targets' environments. Therefore, managing and securing workload identities is critical for protecting your organization, your users, and your data. With Microsoft Entra Workload Identities, you can apply enhanced security to your workload identities by implementing conditional access, containing threats proactively, and getting more insight into workload identity lifecycles.

 

Key capabilities 

  • Conditional Access: Customers can now bring one of the most powerful forms of access control in the industry to workload identities. Conditional Access supports location or risk-based policies for workload identities. Organizations can block sign-in attempts from outside trusted locations or when Identity Protection detects compromised apps or services.  
  • Identity Protection: Unlike those of human identities, workload identity lifecycles are often less defined and therefore harder to manage. To address this pain point, we’re looking across the workload identity lifecycle to spot indicators of compromise. Identity Protection provides reports of compromised credentials, anomalous sign-ins, and suspicious changes to accounts. As is the case with Risky Users, you can view risk reports in your preferred format, whether that’s in the portal, with Microsoft Graph, or in the tool of your choice by exporting the data using Diagnostic Settings.
  • Access Reviews: To reduce the risk associated with privileged role assignments, regular access reviews are necessary. This feature allows you to create access reviews for workload identities to enforce least privileged access.

This is the beginning of what we’re building to help you use our workload identities to keep your organization productive and secure. A new feature, App Health Recommendations in Azure AD Recommendations, that provides insight into applications such as unused apps, expiring credentials, and unused credentials, will be in public preview by the end of November.   

 

Try Microsoft Entra Workload Identities today 

We’re offering a free 90-day trial of Microsoft Entra Workload Identities so that you can set a new conditional access policy, check out reports of detected risks, and enforce least privileged access.

 

If you’re interested in learning more about Microsoft Entra Workload Identities, visit our website and check out the product documentation. We’re excited to go on this ride together and look forward to hearing from you.  

 

 

Ilana Smith

Group Product Manager  

Azure Active Directory  

@ilanas

 

 

 


Updated Nov 21, 2022
Version 1.0