APP-05 Moderate

How to Fix: Service Principal Credential Hygiene

Step-by-step guide to implement service principal credential hygiene in your Microsoft 365 environment.

Estimated Time: 30-60 minutes
Steps: 4
Severity: Critical
Baseline Level: Recommended Secure

Why This Matters

Service principals are the #1 attack vector for M365 supply chain compromises. Long-lived credentials on service principals, such as those abused in the SolarWinds and Midnight Blizzard compromises, bypass MFA entirely and provide persistent access.

Prerequisites

  • Global Administrator or appropriate admin role in Microsoft Entra ID
  • Access to Microsoft Entra admin center (entra.microsoft.com)

Expected Configuration

  • All service principal credentials expire within 90 days
  • No service principals have non-expiring secrets
  • Federated credentials or managed identities are preferred

Remediation Steps

1. Audit Current Applications

Review the applications in your Entra ID tenant.

  • Navigate to Microsoft Entra admin center
  • Go to Applications > Enterprise applications
  • Review app registrations and permissions

2. Identify Required Changes

Determine which applications need modification.

  • Compare against expected configuration
  • Identify risky or non-compliant apps
  • Plan remediation approach

3. Apply Remediation

Make the necessary changes to application configurations.

  • Update consent settings as needed
  • Modify application permissions
  • Configure app governance policies

4. Verify Compliance

Confirm applications meet security requirements.

  • Run TrueConfig scan
  • Review any remaining findings
  • Document changes made
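The audit and verification steps above can also be scripted. The following is an added example, not part of this guide or of TrueConfig: it evaluates Microsoft Graph application objects against the Expected Configuration (credentials must expire within 90 days, no non-expiring secrets). The Graph field names are real; the sample records are constructed, and treating a missing endDateTime as "non-expiring" is this example's assumption.

```python
# Added example (not from the original guide): check Microsoft Graph application
# objects against the "Expected Configuration" above. Field names
# (passwordCredentials, keyCredentials, startDateTime, endDateTime, keyId) are
# the real Graph ones; the sample records below are constructed, and in practice
# they would come from GET /v1.0/applications with Application.Read.All.
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=90)  # policy: credentials expire within 90 days

def _parse(ts):
    # Graph returns ISO-8601 timestamps ending in 'Z'; None means no expiry set.
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None

def evaluate_app(app, now):
    """Return (credential kind, keyId, reason) findings for one application."""
    findings = []
    for kind in ("passwordCredentials", "keyCredentials"):
        for cred in app.get(kind, []):
            start = _parse(cred.get("startDateTime"))
            end = _parse(cred.get("endDateTime"))
            if end is None:
                reason = "non-expiring"            # assumption: no expiry recorded
            elif end < now:
                reason = "expired, remove"         # stale credential left behind
            elif start and end - start > MAX_LIFETIME:
                reason = f"lifetime {(end - start).days}d exceeds 90d"
            else:
                continue                           # compliant
            findings.append((kind, cred.get("keyId"), reason))
    return findings

def audit(apps, now=None):
    """Map displayName -> findings for every app with at least one finding."""
    now = now or datetime.now(timezone.utc)
    return {a["displayName"]: f for a in apps if (f := evaluate_app(a, now))}

# Constructed sample: one compliant app, two that violate the baseline.
SAMPLE_NOW = datetime(2025, 4, 1, tzinfo=timezone.utc)
SAMPLE_APPS = [
    {"displayName": "Nightly ETL", "passwordCredentials": [
        {"keyId": "n1", "startDateTime": "2025-03-01T00:00:00Z", "endDateTime": "2025-05-01T00:00:00Z"}]},
    {"displayName": "Backup Connector", "passwordCredentials": [
        {"keyId": "b1", "startDateTime": "2024-01-01T00:00:00Z", "endDateTime": "2026-01-01T00:00:00Z"}]},
    {"displayName": "Legacy Sync", "keyCredentials": [
        {"keyId": "l1", "startDateTime": "2023-01-01T00:00:00Z", "endDateTime": None}],
     "passwordCredentials": [
        {"keyId": "l2", "startDateTime": "2023-01-01T00:00:00Z", "endDateTime": "2023-06-01T00:00:00Z"}]},
]
```

Running `audit(SAMPLE_APPS, SAMPLE_NOW)` reports Backup Connector (731-day secret) and Legacy Sync (one expired secret, one certificate with no expiry) and leaves Nightly ETL out.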

Automate Your Security Configuration

TrueConfig continuously monitors your Microsoft 365 environment and can automatically fix configuration drift. Start your free trial today.