Published: Jul 03, 2023
Microsoft has introduced support for app health recommendations in Microsoft Entra Workload Identities. The feature provides insights with actionable guidance to help organizations prevent outages and secure their Azure AD environments.
Microsoft Entra Workload Identities launched back in November 2022. It’s an identity and access management (IAM) solution that enables IT admins to configure Conditional Access policies to protect apps and services. The service simplifies the process of identifying and reducing risks associated with non-human identities.
The app health recommendations feature allows customers to improve app hygiene in their organization. For instance, administrators can remove apps that haven’t been used for over 30 days. It’s also possible to remove unused credentials and ensure the timely renewal of expiring ones.
“Removing unused applications and unused app credentials improves the security posture of a workload identity portfolio and promotes good identity hygiene. It reduces the risk of compromise, for example, by a bad actor discovering an unused application and abusing it. Depending on the permissions granted to the unused identity, this could lead to exposure of sensitive organizational data or enable lateral movement to further the actor’s objectives,” Microsoft explained.
Currently, Microsoft Entra Workload Identities supports three types of app health recommendations: unused applications, unused application credentials, and expiring application credentials. The status of a recommendation can be updated automatically or manually.
Microsoft advises organizations to closely monitor their security posture in order to minimize the risk of system failures and cyberattacks. We invite you to check out this support page to learn more about best practices for securing workload identities in Microsoft Entra.