APP-10: Workload Identity Federation Adoption
Frequently asked questions about implementing and managing the APP-10 security control in Microsoft 365 and Entra ID.
QWhat is APP-10 (Workload Identity Federation Adoption)?▼
APP-10 is a security control that workload identity federation eliminates client secrets entirely by using trusted identity providers. this removes the risk of secret leakage, rotation failures, and credential theft for automated workflows. It requires that applications use federated credentials where supported and ci/cd pipelines use workload identity federation instead of secrets, client secrets are only used where federation is not available.
QWhy is Workload Identity Federation Adoption important for Microsoft 365 security?▼
Workload identity federation eliminates client secrets entirely by using trusted identity providers. This removes the risk of secret leakage, rotation failures, and credential theft for automated workflows.
QHow do I implement APP-10 in my tenant?▼
APP-10 requires manual implementation. Migration requires app-specific configuration with identity providers (GitHub, Azure DevOps, etc.)
QWhat license do I need for APP-10?▼
This control can be implemented with any Microsoft 365 subscription, including free Azure AD.
QWhich security baseline includes APP-10?▼
APP-10 is included in the Enhanced Security baseline (Level 2). This level adds stricter controls for security-conscious organizations.
5
Questions
1
Related Controls
—
Categorized
Related Resources
Still have questions?
Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.
Start Free Trial