Episode 423 – Non-Human Identities in Microsoft Entra with Eric Woodruff and Chris Brumm
Welcome to Episode 423 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben is live from Workplace Ninjas, joined by Eric Woodruff, Chief Identity Architect at Semperis and Microsoft MVP in Security focused on identity, and Chris Brumm, Cyber Security Architect at glueckkanja and Microsoft MVP in Security with over 16 years of experience in cybersecurity. Together they dig into the often-overlooked world of non-human identities in Microsoft Entra ID. They cover what service principals are, why they tend to fly under the radar compared to user accounts, and how attackers actively exploit that gap. The conversation spans credential management best practices, the risks of improper owner assignments, the challenges of multi-tenant app configurations, and why managed identities should be your go-to wherever possible. They also discuss the growing challenge of AI agent identities and what IT pros need to start thinking about now before that surface area explodes.
Show Notes
- Eric Woodruff on LinkedIn
- Eric Woodruff on X (@ericanidentity)
- Eric on Identity
- Chris Brum on LinkedIn
- Chris Brumm on X (@cbrhh)
- Chris Brumm’s Blog
- Application and service principal objects in Microsoft Entra ID
- Workload Identities
- Securing service principals in Microsoft Entra ID
- Securing managed identities in Microsoft Entra ID
- Conditional Access for Workload Identities
- Microsoft Entra Audit Logs
- Microsoft Sentinel Detection Templates
Eric Woodruff is the Chief Identity Architect at Semperis and a Microsoft MVP in Security with a focus on identity. He specializes in all things Microsoft Entra and Active Directory, with a passion for helping organizations understand and secure both human and non-human identities. You can find Eric on social media as @ericanidentity.
Chris Brumm is a Cyber Security Architect at glueckkanja based in Germany, with over 16 years of experience across virtually every corner of cybersecurity. He is a Microsoft MVP in Security with a primary focus on identity security. His team operates SOC services and he brings a detection and response perspective to identity risk, helping organizations build lifecycle processes and monitoring strategies for non-human identities in Microsoft Entra.
About the sponsors
 |
TrustedTech is a leading Microsoft Cloud Solution Provider (CSP) specializing in Microsoft Cloud services, Microsoft perpetual licensing, and Microsoft Support Services for medium and enterprise-sized businesses. Our robust team of in-house, U.S-based Microsoft architects and engineers are certified in all 6/6 Microsoft Solutions Partner Designations in the Microsoft Cloud Partner Program. |
 |
At Intelligink, our focus is singular: the Microsoft cloud. Our Microsoft 365 and Azure experts help you work securely and efficiently by unlocking the full value of what you’re already paying for, so you can focus on running your business. |
Published on:
Learn more