Semperis

As organizations race to adopt AI, one identity challenge is already here: non-human identities (NHIs) are multiplying faster than most teams can govern them. According to the Semperis study "The State of Identity Security in the AI Era," accelerated use of AI tools across global organizations is rapidly increasing the number of NHIs in hybrid identity environments, where those NHIs already vastly outnumber human users.

AI agents may be the newest pressure point, but many enterprises are still working to secure the workload identities already operating across Microsoft Entra ID. That’s exactly why "Become a Wizard of Entra Workload Identities" is worth your time. This top-rated session at the 2026 Hybrid Identity Conference (HIP Conf) Europe explores the best practices that support secure delegation and policy configuration for workload owners while minimizing friction for developers.

Rather than staying at the strategy level, presenters Eric Woodruff, Chief Identity Architect at Semperis, and Thomas Naunheim, Cyber Security Architect at glueckkanja AG, deliver practical, technical guidance for practitioners who need to reduce risk now.


To start improving security, understand the Entra ID workload identities you already have

Comprehensive coverage of technical topics like this one is a hallmark of HIP events, and one of the most useful parts of the session is its clear walkthrough of the workload identity landscape in Entra ID.

The speakers break down app registrations versus service principals, explain different workload identity patterns, and compare credential types including secrets, certificates, managed identities, and federated credentials.

Figure 1. Comparison of credential types used by workload identities

For teams trying to secure Entra ID workload identities, that foundation matters: you cannot govern what you do not understand, and you cannot reduce exposure if you are still relying on risky credential handling by default.


Build a more secure foundation with stronger guardrails

Next, the presenters delve deeply into the operational controls practitioners need throughout the full workload identity lifecycle.

Figure 2. The session features detailed, demo-style guidance for securing workload identities

Woodruff and Naunheim cover how to build guardrails for workload identities, safely delegate management to DevOps teams or application owners, and use custom roles and app management policies to reduce unnecessary ownership and limit risky credential practices.

They also touch on identity governance capabilities that can help enforce least privilege for permissions over time.


Secure Entra ID workload identities before AI agents raise the stakes

The guidance in this session is especially timely now. The presenters introduce agent identities and note that many of the lessons from workload identities carry over directly to this emerging class of non-human identity.

Figure 3. Diving into how agents operate in Entra ID

In other words, if your organization is thinking seriously about AI agents, this is not a future problem. It is a reason to mature your controls for workload identities today—before inherited permissions, credential sprawl, and lifecycle blind spots become even harder to manage.

Watch the session to secure Entra ID workload identities in practice—not in theory

The value here is not theoretical. The session pairs governance advice with defensive recommendations, exploring real attack scenarios (including exposed credentials and redirect URI abuse) and practical ways to use Microsoft Defender and XDR for visibility, inventory, and threat hunting.

If you want detailed, real-world guidance on how to secure Entra ID workload identities in the environments you already run, this is a session worth watching.


Want more from expert practitioners dealing with real-world identity security challenges?
Registration is open and a full agenda is up for HIP Conf 26, coming to Nashville September 8-10. Learn more and secure a seat.

