Least privilege
- Last Updated Sep 07, 2023
When creating new users or client credential clients, configure them according to the principle of least privilege: assign each user and client the lowest-privileged role that still allows access to the resources it needs. For more information, see the Microsoft article Enhance security with the principle of least privilege.
Ensure that clients that are not in use are either deleted or disabled by setting their Enabled property to false. This can be done through the portal or through the appropriate API (see Client Credential Clients, Hybrid Clients, or Authorization Code Clients).
To limit the potential consequences of client credential theft, do not assign client credential clients to the administrator role. Any action that requires administrator privileges should be performed through the portal whenever possible.
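As an added illustration (not code from this page or from the product it documents), the following audit runs over a constructed client inventory whose field names are assumptions; it flags the two conditions the guidance above asks an administrator to look for: enabled client credential clients that hold an administrator role, and enabled clients that are unused and should be disabled or deleted.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory (hypothetical shape, not the product's API response):
# one record per client credential client, as an administrator might export it.
CLIENTS = [
    {"id": "c1", "name": "reporting-job", "enabled": True, "role": "Reporting Viewer",
     "last_used": "2023-09-01T08:00:00+00:00"},
    {"id": "c2", "name": "legacy-sync", "enabled": True, "role": "Administrator",
     "last_used": "2023-01-15T10:30:00+00:00"},
    {"id": "c3", "name": "old-import", "enabled": False, "role": "Administrator",
     "last_used": None},
    {"id": "c4", "name": "new-integration", "enabled": True, "role": "Integration User",
     "last_used": None},
]

ADMIN_ROLES = {"Administrator"}      # roles a client credential client must never hold
UNUSED_AFTER = timedelta(days=90)    # assumed threshold for treating an enabled client as unused
AUDIT_DATE = datetime(2023, 9, 7, tzinfo=timezone.utc)  # fixed "now" so the run is reproducible


def audit_clients(clients, now=None, unused_after=UNUSED_AFTER):
    """Return (client id, finding) pairs for every enabled client that violates the guidance."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for c in clients:
        if not c["enabled"]:
            continue  # a disabled client cannot authenticate, so there is nothing to flag
        if c["role"] in ADMIN_ROLES:
            findings.append((c["id"], "client credential client holds an administrator role"))
        last = c["last_used"]
        if last is None:
            findings.append((c["id"], "enabled but never used; disable it until it is needed"))
        elif now - datetime.fromisoformat(last) > unused_after:
            findings.append((c["id"], f"enabled but unused for over {unused_after.days} days; "
                                      "disable or delete it"))
    return findings


if __name__ == "__main__":
    for client_id, finding in audit_clients(CLIENTS, now=AUDIT_DATE):
        print(f"{client_id}: {finding}")
```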
One client per application
It is recommended to create a separate client for each instance of a running application. This makes identification easier and limits the impact of a leaked secret: in such an event, only the one affected application needs to be updated.