Service principals

  • Last update on October 11th, 2024

Legacy CoreView solutions

An Entra ID app connector is available for owners of legacy CoreView offerings who would like to have access to this feature. Please contact your CSM to learn more.

 

This report provides a detailed list of Entra ID apps, including “App registrations” and “Enterprise apps”, with access to your tenant data. It offers an overview of all applications in your tenant, displaying in a single panel the information accessible for each app when selected in the Microsoft Admin Center.

“Service principals” report.

Report insights

Report insights empower operators managing service principals to easily focus on critical points and prioritize their actions effectively. By utilizing these filters, operators can review key items such as unused apps, unverified publishers, and apps without owners. 

The filters provided work in conjunction, meaning that selecting multiple filters will apply an “ANDboolean operation, refining the results accordingly.

Service principal report with one report insight filter applied.
The same report with two report insight filters applied.

Additionally, operators can filter directly within the report, with the numbers updating dynamically in the insights above to reflect the filtered data. This functionality ensures that operators have a clear and accurate view of the most pressing issues, enabling them to take informed and timely actions.

Key report properties

The main columns in the “Service principals” report include:

Service principals display name: the registered name of the app on your tenant.

Application name: the actual name of the application.

Is app registration: identifies apps built by your organization. You can also find these apps listed in the App registrations report.

Publisher: the entity that created the app.

Built-in: identifies apps that are natively integrated within your tenant. Set this column to false to exclude them.

Enabled: indicates whether the app is active. Apps can be disabled to isolate them from your tenant.

Verified: indicates if an app publisher has completed verification with Microsoft. Verified publishers are considered more secure and reliable. (Note: This information is only available for “Enterprise apps”.)

Owners: displays the number of owners for each app. Clicking on this number will open the “Service principal owners” report in a new page.

Delegated permission grants: indicates the number of permissions an admin has delegated to the app. For more detailed information, refer to the “Service principal delegated permissions” report. Clicking on this number will open the “Delegated permissions” report in a new page.

The count in the “Delegated permissions” report might read one higher than the number of users indicated in the “Service principals” report. This discrepancy occurs because the delegated permissions count includes the number of delegations from users plus the AllPrincipals delegation, whereas the Service Principals report only displays the count of users.

 

Application permissions (app role assignments): shows the number of consents required by the app, such as requests to access a list of users or to read your mailbox. These permissions are the same as those granted through admin consent in the “Permissions” section of the Microsoft Admin Center. Clicking on this number will open the “Application permissions” report in a new page.

Home page: lists the URL of the app's homepage, if available.

Type: indicates the type of service principal, e.g., “Application”.

Sign-in: this indicates the usage of service principal sign-in activity within a tenant. It provides details on the last time a service principal was used. For further details, please consult the Microsoft documentation.

Membership count: this field displays the number of users a service principal has been directly assigned to.

This report aims to provide a detailed and accessible overview of the apps within your tenant, facilitating better management and oversight of app properties and permissions.