Workload Identity & Applications control for Microsoft 365 and Entra ID
Why This Control Matters
Long-lived or non-expiring secrets are a supply chain attack risk. If a secret is leaked, it remains valid indefinitely. Rotating credentials limits the window of exposure from compromised secrets.
Expected State
When this control is compliant, your tenant should meet these criteria:
1. All application secrets (client secrets) have expiration dates
2. Maximum secret lifetime is 12 months or less
3. Certificate-based authentication is preferred over secrets
4. No non-expiring secrets exist
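The four criteria above can be checked offline against application objects exported from Microsoft Graph. The following is an added example, not TrueConfig's own code: it reads the Graph application properties `passwordCredentials`, `keyCredentials`, `startDateTime` and `endDateTime`, and it assumes a 366-day ceiling for "12 months" and that an application holding secrets but no certificate counts against criterion 3. The sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=366)  # assumption: "12 months", with leap-year slack

def parse_ts(value):
    # Graph timestamps are ISO 8601 UTC; drop fractional seconds and the trailing Z.
    base = value.split(".")[0].rstrip("Z")
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_app(app):
    """Return (credential, reason) findings for one application object."""
    findings = []
    secrets = app.get("passwordCredentials") or []
    for cred in secrets:
        label = cred.get("displayName") or cred.get("keyId") or "unnamed"
        start, end = cred.get("startDateTime"), cred.get("endDateTime")
        if not end:
            findings.append((label, "no expiration date"))
        elif start and parse_ts(end) - parse_ts(start) > MAX_LIFETIME:
            days = (parse_ts(end) - parse_ts(start)).days
            findings.append((label, f"lifetime of {days} days exceeds 12 months"))
    # Assumed reading of "certificates preferred": secrets present, no certificate.
    if secrets and not app.get("keyCredentials"):
        findings.append(("*", "client secrets in use, no certificate credential"))
    return findings

def audit_tenant(apps):
    """Map displayName -> findings for every non-compliant application."""
    report = {}
    for app in apps:
        findings = audit_app(app)
        if findings:
            report[app.get("displayName", app.get("id", "?"))] = findings
    return report

# Constructed sample data, not taken from any real tenant.
SAMPLE_APPS = [
    {"displayName": "payroll-sync", "keyCredentials": [{"keyId": "cert-1"}],
     "passwordCredentials": [{"displayName": "ci", "startDateTime": "2024-01-01T00:00:00Z",
                              "endDateTime": "2024-07-01T00:00:00Z"}]},
    {"displayName": "legacy-etl", "keyCredentials": [],
     "passwordCredentials": [{"displayName": "old", "startDateTime": "2020-03-01T00:00:00Z",
                              "endDateTime": "2299-12-31T00:00:00Z"}]},
    {"displayName": "report-bot", "keyCredentials": [],
     "passwordCredentials": [{"displayName": "nightly", "startDateTime": "2024-02-01T00:00:00Z",
                              "endDateTime": None}]},
]

if __name__ == "__main__":
    for name, findings in audit_tenant(SAMPLE_APPS).items():
        for cred, reason in findings:
            print(f"{name}: {cred}: {reason}")
```

Secrets created as "never expires" often carry a far-future `endDateTime` rather than a null one, so the lifetime check catches them as well as the missing-date case.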
Enforcement
Default Mode: Advisory. Alerts on deviations but does not make changes.
Auto-Remediation: Manual Only. Review and update application credentials.