Each user or application that has to access production data does so using a unique and individual identity that is managed by Azure AD.
For all human users, they are required to use strong passwords as well as MFA (multi-factor authentication).
For all machine users, they have separate application identities that can either be configured by MSI (preferred when supported) or a distinct ID and secret.