Application management policies

  • Last update on September 26th, 2024

The remediation action for Application management policies is NOT available in the Essentials solution.

 

These policies are designed to enhance Entra ID app management and security. 

The list below provides an overview of the Application management out-of-the-box policies, what type of remediation action they are set to execute, and which remediation settings you can configure.


App registrations with expiring certificates

Show more

Description

This policy is designed to monitor application registrations with certificates nearing expiration. 

It lists the application's display name, the certificate thumbprint, a description of the app, the key ID, and the certificate's expiration date, focusing on those expiring in the next 30 days. 

This tool helps IT administrators proactively renew certificates and maintain application security and functionality.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Set the policy to target expiring certificates in the next 30, 60, or 90 days
  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 

App registrations with expiring secrets

Show more

Description

This policy helps you keep track of app registrations with secrets that are about to expire.

It shows the app's name, the secret's name, when it was created, and when it's set to expire. You'll also see the unique application ID. 

This tool is useful for staying on top of your app security, ensuring you renew or update secrets before they cause access issues. This way, you can keep your apps running smoothly and securely.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Set the policy to target expiring secrets in the next 30, 60, or 90 days
  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Enterprise apps with unverified publishers

Show more

Description

This policy identifies enterprise applications with unverified publishers in your environment. It provides key information including the application name, service principal display name, publisher, verification status, and whether the app is enabled. 

Additionally, it indicates if the app is a custom registration or built-in. 

This tool helps IT security teams assess and manage potential risks associated with unverified applications, ensuring compliance with organizational security policies and maintaining the integrity of your enterprise app ecosystem.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Enterprise apps without owners

Show more

Description

This policy identifies enterprise applications that currently have no assigned owners. 

It displays information such as the application name, service principal display name, publisher, and enabled status. 

The policy confirms the lack of owners and indicates whether the app is a custom registration or built-in. By highlighting apps without owners, this policy enables prompt assignment of responsibility, ensuring better management and security oversight of enterprise applications.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Unused enterprise apps

Show more

Description

This policy identifies enterprise applications that have not been used recently.

It displays the application name and the service principal display name, and tracks the last sign-in activity, focusing on apps with no sign-ins in the previous 90 days. 

It also provides information about the publisher, confirms whether the app is enabled, and indicates whether it is a registered app or a built-in service.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Set the policy to target apps without sign-ins in the previous 30, 60, 90, 180 days, or ever.
  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Long-term expiry app registration secrets

Show more

Description

This policy identifies app registration with secrets that expire beyond a 180-day threshold.

It displays the application name, the secret display name, the creation date, and the expiration date, focusing on apps with secrets expiring in over 180 days.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Long-term expiry app registration certificates

Show more

Description

This policy identifies app registration with certificates that expire beyond a 180-day threshold.

It displays the application name, the thumbprint, the key ID, the creation date, and the expiration date, focusing on apps with certificates expiring in over 180 days.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Expired app secrets

Show more

Description

This policy identifies app registration secrets that have expired but have not been removed yet.

It displays the application name and ID, the secret display name, the key ID, the creation date, and the expiration date.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Expired app certificates

Show more

Description

This policy identifies app registration certificates that have expired but have not been removed yet.

It displays the application name and ID, the certificate display name, the key ID, the creation date, and the expiration date.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action