Microsoft has introduced support for app health recommendations in Microsoft Entra Workload Identities. The feature provides insights with actionable guidance to help organizations prevent outages and secure their Azure AD environments.
Microsoft Entra Workload Identities launched back in November 2022. It’s an identity and access management (IAM) solution that enables IT admins to configure Conditional Access policies to protect apps and services. The service simplifies the process of identifying and reducing risks associated with non-human identities.
The app health recommendations feature allows customers to improve app hygiene in their organization. For instance, administrators can remove apps that haven’t been used for over 30 days. It’s also possible to remove unused credentials and ensure the timely renewal of expiring ones.
“Removing unused applications and unused app credentials improves the security posture of a workload identity portfolio and promotes good identity hygiene. It reduces the risk of compromise- for example, by a bad actor discovering an unused application and abusing it. Depending on the permissions granted to the unused identity, this could lead to exposure of sensitive organizational data or enable lateral movement to further the actor’s objectives,” Microsoft explained.
Currently, Microsoft Entra Workload Identities supports three types of app health recommendations. These include unused applications, unused application credentials, and expiring application credentials. It’s possible to update the status of a recommendation automatically or manually.
Microsoft advises organizations to closely monitor their security posture in order to minimize the risk of system failures and cyberattacks. We invite you to check out this support page to learn more about best practices for securing workload identities in Microsoft Entra.