Merge pull request #231782 from rwike77/workload-identities2

ttorble · web-flow · commit 498e2bde8345 · 2023-03-23T09:38:46.000Z
Workload identities auth methods
diff --git a/articles/active-directory/workload-identities/TOC.yml b/articles/active-directory/workload-identities/TOC.yml
@@ -47,6 +47,12 @@
         href: ../reports-monitoring/recommendation-remove-unused-credential-from-apps.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
       - name: Renew expiring application credentials
         href: ../reports-monitoring/recommendation-renew-expiring-application-credential.md?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+  - name: Enforce app management restrictions
+    items:
+      - name: All apps and service principals in a tenant
+        href: /graph/api/resources/tenantappmanagementpolicy?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+      - name: Specific apps and service principals
+        href: /graph/api/resources/appmanagementpolicy?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
   - name: Reference
     items:
     - name: Federated identity credentials considerations and limitations
diff --git a/articles/active-directory/workload-identities/breadcrumb/toc.yml b/articles/active-directory/workload-identities/breadcrumb/toc.yml
@@ -25,4 +25,7 @@
     topicHref: /azure/active-directory/index
   - name: Active Directory
     tocHref: /azure/active-directory/reports-monitoring/
+    topicHref: /azure/active-directory/index
+  - name: Active Directory
+    tocHref: /graph/api/resources/
     topicHref: /azure/active-directory/index
diff --git a/articles/active-directory/workload-identities/index.yml b/articles/active-directory/workload-identities/index.yml
@@ -55,6 +55,13 @@ landingContent:
           - text: Configure a managed identity to trust an external identity provider
             url: workload-identity-federation-create-trust-user-assigned-managed-identity.md
   # Card
+  - title: Enforce best practice for how apps use auth methods
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: Application authentication methods API
+            url: /graph/api/resources/applicationauthenticationmethodpolicy?toc=/azure/active-directory/workload-identities/toc.json&bc=/azure/active-directory/workload-identities/breadcrumb/toc.json
+  # Card
   - title: Secure risky workload identities
     linkLists:
       - linkListType: overview
