articles/active-directory/conditional-access/workload-identity.md
4 additions & 4 deletions
@@ -6,7 +6,7 @@ services: active-directory
6
6
ms.service: active-directory
7
7
ms.subservice: workload-identities
8
8
ms.topic: how-to
9
-
ms.date: 01/05/2023
9
+
ms.date: 04/04/2023
10
10
11
11
ms.author: joflore
12
12
author: MicrosoftGuyJFlo
@@ -29,7 +29,7 @@ These differences make workload identities harder to manage and put them at high
29
29
30
30
> [!IMPORTANT]
31
31
> Workload Identities Premium licenses are required to create or modify Conditional Access policies scoped to service principals.
32
-
> In directories without appropriate licenses, existing Conditional Access policies for workload identities will continue to function, but can't be modified. For more information see [Microsoft Entra Workload Identities](https://www.microsoft.com/security/business/identity-access/microsoft-entra-workload-identities#office-StandaloneSKU-k3hubfz).
32
+
> In directories without appropriate licenses, existing Conditional Access policies for workload identities will continue to function, but can't be modified. For more information, see [Microsoft Entra Workload Identities](https://www.microsoft.com/security/business/identity-access/microsoft-entra-workload-identities#office-StandaloneSKU-k3hubfz).
33
33
34
34
> [!NOTE]
35
35
> Policy can be applied to single tenant service principals that have been registered in your tenant. Third party SaaS and multi-tenanted apps are out of scope. Managed identities are not covered by policy.
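Review bot: The changed line 32 still reads "will continue to function", while the other hunks in this commit move the same kind of sentence to present tense ("The policy applies only when a service principal requests a token"); "continue to function" would keep the tense consistent. The link on that line also ends in the fragment `#office-StandaloneSKU-k3hubfz`, which looks like a generated element id and is likely to stop resolving when the target page is rebuilt, so linking to the page without the fragment would be more durable. In the context at line 35, "single tenant" and "Third party" are compound modifiers and would read better hyphenated, and "are not" is out of step with the "can't" used at line 32.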
@@ -49,7 +49,7 @@ Create a location based Conditional Access policy that applies to service princi
49
49
1. Under **Assignments**, select **Users or workload identities**.
50
50
1. Under **What does this policy apply to?**, select **Workload identities**.
51
51
1. Under **Include**, choose **Select service principals**, and select the appropriate service principals from the list.
52
-
1. Under **Cloud apps or actions**, select **All cloud apps**. The policy will apply only when a service principal requests a token.
52
+
1. Under **Cloud apps or actions**, select **All cloud apps**. The policy applies only when a service principal requests a token.
53
53
1. Under **Conditions** > **Locations**, include **Any location** and exclude **Selected locations** where you want to allow access.
54
54
1. Under **Grant**, **Block access** is the only available option. Access is blocked when a token request is made from outside the allowed range.
55
55
1. Your policy can be saved in **Report-only** mode, allowing administrators to estimate the effects, or policy is enforced by turning policy **On**.
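Review bot: The context step at line 55 is ungrammatical ("or policy is enforced by turning policy **On**") and does not tell the reader which mode to start with, which matters here because line 54 states that **Block access** is the only grant control. Suggest rewording it in this commit, for example "Save the policy in **Report-only** mode to estimate its effect, then turn the policy **On** to enforce it." Line 54's "outside the allowed range" could also refer back to the excluded **Selected locations** from line 53 so it is clear which range is meant.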
@@ -68,7 +68,7 @@ Create a risk-based Conditional Access policy that applies to service principals
68
68
1. Under **Assignments**, select **Users or workload identities**.
69
69
1. Under **What does this policy apply to?**, select **Workload identities**.
70
70
1. Under **Include**, choose **Select service principals**, and select the appropriate service principals from the list.
71
-
1. Under **Cloud apps or actions**, select **All cloud apps**. The policy will apply only when a service principal requests a token.
71
+
1. Under **Cloud apps or actions**, select **All cloud apps**. The policy applies only when a service principal requests a token.
72
72
1. Under **Conditions** > **Service principal risk**
73
73
1. Set the **Configure** toggle to **Yes**.
74
74
1. Select the levels of risk where you want this policy to trigger.
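Review bot: The context step at line 72 ("Under **Conditions** > **Service principal risk**") has no verb and no end punctuation, unlike its sibling steps, and lines 73 and 74 read as its sub-steps; ending it with a colon, or folding the **Configure** toggle into that step, would make the nesting clear. The sentence changed at line 71 is identical to the one changed at line 52 in the location-based procedure, so the two can drift apart again on the next edit; consider moving the shared assignment steps into one include.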