New Microsoft Entra Recommendations will help you enhance security and boost productivity

These are available starting from April 2, 2024

Reading time icon 4 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

New Microsoft Entra Recommendations will help you enhance security and boost productivity

Microsoft recently announced the general availability of four recommendations in Microsoft Entra and another three recommendations in public preview.

Here are the new and upcoming recommendations that ensure the security of your apps mentioned in the blog post:

  • Remove unused credentials from applications: An application credential is used to get a token that grants access to a resource or another service. If an application credential is compromised, it could be used to access sensitive resources or allow a bad actor to move latterly, depending on the access granted to the application. Removing credentials not actively used by applications improves security posture and promotes application hygiene. It reduces the risk of application compromise and improves the security posture of the application by reducing the attack surface for credential misuse by discovery. 
  • Renew expiring service principal credentials: Renewing the service principal credential(s) before expiration ensures the application continues to function and reduces the possibility of downtime due to an expired credential. 
  • Renew expiring application credentials: Renewing the app credential(s) before its expiration ensures the application continues to function and reduces the possibility of downtime due to an expired credential. 
  • Remove unused applications: Removing unused applications improves the security posture and promotes good application hygiene. It reduces the risk of application compromise by someone discovering an unused application and misusing it. Depending on the permissions granted to the application and the resources that it exposes, an application compromise could expose sensitive data in an organization.  
  • Migrate applications from the retiring Azure AD Graph APIs to Microsoft Graph: The Azure AD Graph service (graph.windows.net) was announced as deprecated in 2020 and is in a retirement cycle. It’ is important that applications in your tenant, and applications supplied by vendors that are consented in your tenant (service principals), are updated to use Microsoft Graph APIs as soon as possible. This recommendation reports applications that have recently used Azure AD Graph APIs, along with more details about which Azure AD Graph APIs the applications are using. 
  • Migrate Service Principals from the retiring Azure AD Graph APIs to Microsoft Graph: The Azure AD Graph service (graph.windows.net) was announced as deprecated in 2020 and is in a retirement cycle. It’ is important that service principals in your tenant, and service principals for applications supplied by vendors that are consented in your tenant, are updated to use Microsoft Graph APIs as soon as possible. This recommendation reports service principals that have recently used Azure AD Graph APIs, along with more details about which Azure AD Graph APIs the service principals are using. 

To find these recommendations in general availability, go to the Microsoft Entra portal, go to Recommendations, click on the Release Type column, and look for Generally Available.

icrosoft Entra recommendations portal

Microsoft also mentioned some new developments in the Identity Secure Score within Entra; these improvements are customized as per your configuration. With this feature, organizations can get a percentage score showing how well their company’s posture aligns with Microsoft’s recommendations.

The Secure Score recommendation, which is in the public preview, will help you protect your organization from insider risk. Soon, it will also be available to the general public.

This feature stresses the importance of protecting tenants with Insider Risk policies, which shows Microsoft’s focus on ensuring that organizations can identify and eliminate potential internal security risks.

In addition to all of these recommendations, as mentioned in the blog post, Microsoft plans to introduce new capabilities, such as email notifications to inform users of new recommendations and delegation of capabilities to other roles, to ensure better security.

What are your thoughts on the matter? Share your opinions with our readers in the comments section below.

More about the topics: microsoft entra

User forum

0 messages