# Drilldown ### Purpose The **Applications – Drilldown** report provides a detailed overview of all applications registered in **Microsoft Entra ID**, with a focus on **actual usage**. The report helps you: * Understand **which applications are actively used** * Identify **unused or inactive applications** * Track **end-user sign-ins** and **system sign-ins** (service principals / managed identities) * Support **cleanup, governance, and security reviews** By combining application metadata with sign-in activity, the report enables data-driven decisions around application lifecycle management. *** ### What problem does this report solve? Over time, Entra ID tenants accumulate applications that: * Are no longer used * Were created for temporary projects * Are used only by automation or integrations * Still have credentials, permissions, or owners assigned This report consolidates **usage signals** into a single view, making it easier to: * Detect applications that can be **reviewed or decommissioned** * Distinguish between **user-driven apps** and **system-only apps** * Reduce **security risk** from dormant identities *** ### How to use the report #### 1. Use slicers to narrow down the scope The slicer menu allows you to filter applications based on usage, ownership, and sign-in behavior. **Available slicers:** * **Applications**\ Displays the total number of applications based on the selected filters. * **Microsoft App**\ Filter between Microsoft-owned applications and third-party / custom applications. * **Enabled**\ Filter applications that are enabled or disabled for sign-in. * **App In Use**\ Indicates whether the application is considered in use. **Logic:** * **No** → No user sign-ins, no system sign-ins, and no SCIM configuration * **Yes** → Used by end-users **or** service principals / managed identities **or** has SCIM configured * **User Sign-In**\ Filter applications that have been used by end-users. * **Latest User Sign-In**\ Filter applications based on a specific time period for end-user sign-ins. * **System Sign-In**\ Filter applications that have been used by a **service principal or managed identity**. * **Application Owner**\ Filter applications where an owner is assigned in Entra ID. * **Type**\ Filter by service principal type (for example Application, Managed Identity, Social IdP, Legacy).\ Reference:\ *** #### 2. Analyse application details The **Application Details Table** shows one row per application and combines configuration data with usage data, such as: * Application name * Creation date * Application owner * Enabled status * App in use indicator * User count * Last user sign-in * Last system sign-in * Service principal type * Credential and SCIM information (optional via column selector) Use the **Column Selector** to customize which attributes are visible depending on your review scenario. *** ### Typical use cases #### Identify unused applications * Filter **App In Use = No** * Combine with **Enabled = Yes** * Review applications that may be candidates for cleanup #### Review service principal usage * Filter **System Sign-In = Yes** * Inspect last system sign-in and service principal type * Validate automation and integration dependencies #### Validate application ownership * Filter applications **without an owner** * Identify apps that require ownership assignment for governance #### Support audits and security reviews * Identify dormant applications with active credentials * Validate applications with SCIM or long-lived credentials * Support least-privilege and lifecycle management initiatives --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.bsure.io/user-guides/applications/drilldown.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.