Assign least-privilege Azure roles, not broad contributor rights
Give workloads and people the narrow Azure role they need instead of defaulting to Contributor.
Give workloads and people the narrow Azure role they need instead of defaulting to Contributor.
Do not let prompt instructions decide what data or actions a user is allowed to access.
Prefer Azure-managed identities over long-lived secrets in deployed applications.