APP-10 | Medium | Enhanced Security
Workload Identity Federation Adoption
Workload Identity & Applications control for Microsoft 365 and Entra ID
Why This Control Matters
Workload identity federation eliminates client secrets entirely by using trusted identity providers. This removes the risk of secret leakage, rotation failures, and credential theft for automated workflows.
Expected State
When this control is compliant, your tenant should meet these criteria:
1. Applications use federated credentials where supported
2. CI/CD pipelines use workload identity federation instead of secrets
3. Client secrets are only used where federation is not available
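An added example (not TrueConfig's own code) that checks the three criteria above against app registration records shaped like Microsoft Graph `application` objects, with each app's `federatedIdentityCredentials` merged in. The sample apps, the exception list and the finding names are constructed for illustration.

```python
from datetime import datetime, timezone

# Hypothetical exception list: appIds whose platform cannot use federation.
FEDERATION_UNAVAILABLE = {"33333333-3333-3333-3333-333333333333"}

def active_secrets(app, now):
    """Client secrets (passwordCredentials) that have not yet expired."""
    return [c for c in app.get("passwordCredentials", [])
            if datetime.fromisoformat(c["endDateTime"].replace("Z", "+00:00")) > now]

def classify(app, now, exceptions=FEDERATION_UNAVAILABLE):
    """Map one app registration to a finding for the three criteria."""
    if not active_secrets(app, now):
        return "compliant"              # no live client secret to leak or rotate
    if app.get("federatedIdentityCredentials"):
        return "remove_secret"          # federated, but a secret was left behind
    if app["appId"] in exceptions:
        return "documented_exception"   # criterion 3: federation not available
    return "migrate_to_federation"      # criteria 1 and 2 not met

def audit(apps, now):
    """Return {displayName: finding} for every app registration."""
    return {a["displayName"]: classify(a, now) for a in apps}

# Constructed sample data, not from a real tenant.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
GITHUB_FIC = {"name": "gh-main",
              "issuer": "https://token.actions.githubusercontent.com",
              "subject": "repo:example-org/example-repo:ref:refs/heads/main",
              "audiences": ["api://AzureADTokenExchange"]}
LIVE = {"displayName": "ci", "endDateTime": "2026-01-01T00:00:00Z"}
EXPIRED = {"displayName": "old", "endDateTime": "2024-01-01T00:00:00Z"}
SAMPLE_APPS = [
    {"appId": "11111111-1111-1111-1111-111111111111", "displayName": "ci-deploy",
     "passwordCredentials": [], "federatedIdentityCredentials": [GITHUB_FIC]},
    {"appId": "22222222-2222-2222-2222-222222222222", "displayName": "ci-legacy",
     "passwordCredentials": [LIVE], "federatedIdentityCredentials": [GITHUB_FIC]},
    {"appId": "33333333-3333-3333-3333-333333333333", "displayName": "vendor-sync",
     "passwordCredentials": [LIVE], "federatedIdentityCredentials": []},
    {"appId": "44444444-4444-4444-4444-444444444444", "displayName": "nightly-report",
     "passwordCredentials": [LIVE, EXPIRED], "federatedIdentityCredentials": []},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_APPS, NOW).items():
        print(f"{name:15} {finding}")
```

Certificate credentials (`keyCredentials`) are outside this control and are not evaluated here.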
Enforcement
Default Mode: Advisory. Alerts on deviations but does not make changes.
Auto-Remediation: Manual Only. Migration requires app-specific configuration with identity providers (GitHub, Azure DevOps, etc.).