As you know, if you have at lease Azure AD P1 license you can configure and use Conditional Access to protect and secure access to your resources.
The Conditional Access feature has been evolving a lot over the past few years and policies apply to either users/groups or devices. Now a new feature (in preview) is available to let you apply Conditional Access policies to workloads identities too.
In case you wonder what is workloads identities, they are basically the service principals or Azure AD apps.
To configure Conditional Access for your workloads identities, connect to your Azure AD portal (https://aad.portal.azure.com/) and access the Azure Active Directory\Security\Conditional Access\Policies blade
Then create a new conditional access policy and choose to apply it to Workload Identities which then let you choose to apply to either all service principals or just a selected ones.
When you select the Select service principals option you will have a new blade listing all applications registered in your tenant to let you select the one(s) you want