No Service Principal with Client Secret and permanent role assignment on Control Plane
Description
Permanent Assignments of high-privileged Entra ID directory roles will be checked to identify privileges service principals with client secrets. Related roles will be identified based on the classification model from the EntraOps project which helps to identify directory roles with Control Plane (Tier0) permissions.
How to fix
It's recommended to use certificates for Service Principals. Review if you can replace client secrets by certificates or use managed identities instead of a Service Principal.