# Drilldown ### Purpose The **Applications – Drilldown** report provides a detailed overview of all applications registered in **Microsoft Entra ID**, with a focus on **actual usage**. The report helps you: * Understand **which applications are actively used** * Identify **unused or inactive applications** * Track **end-user sign-ins** and **system sign-ins** (service principals / managed identities) * Support **cleanup, governance, and security reviews** By combining application metadata with sign-in activity, the report enables data-driven decisions around application lifecycle management. *** ### What problem does this report solve? Over time, Entra ID tenants accumulate applications that: * Are no longer used * Were created for temporary projects * Are used only by automation or integrations * Still have credentials, permissions, or owners assigned This report consolidates **usage signals** into a single view, making it easier to: * Detect applications that can be **reviewed or decommissioned** * Distinguish between **user-driven apps** and **system-only apps** * Reduce **security risk** from dormant identities *** ### How to use the report #### 1. Use slicers to narrow down the scope The slicer menu allows you to filter applications based on usage, ownership, and sign-in behavior. **Available slicers:** * **Applications**\ Displays the total number of applications based on the selected filters. * **Microsoft App**\ Filter between Microsoft-owned applications and third-party / custom applications. * **Enabled**\ Filter applications that are enabled or disabled for sign-in. * **App In Use**\ Indicates whether the application is considered in use. **Logic:** * **No** → No user sign-ins, no system sign-ins, and no SCIM configuration * **Yes** → Used by end-users **or** service principals / managed identities **or** has SCIM configured * **User Sign-In**\ Filter applications that have been used by end-users. * **Latest User Sign-In**\ Filter applications based on a specific time period for end-user sign-ins. * **System Sign-In**\ Filter applications that have been used by a **service principal or managed identity**. * **Application Owner**\ Filter applications where an owner is assigned in Entra ID. * **Type**\ Filter by service principal type (for example Application, Managed Identity, Social IdP, Legacy).\ Reference:\ *** #### 2. Analyse application details The **Application Details Table** shows one row per application and combines configuration data with usage data, such as: * Application name * Creation date * Application owner * Enabled status * App in use indicator * User count * Last user sign-in * Last system sign-in * Service principal type * Credential and SCIM information (optional via column selector) Use the **Column Selector** to customize which attributes are visible depending on your review scenario. *** ### Typical use cases #### Identify unused applications * Filter **App In Use = No** * Combine with **Enabled = Yes** * Review applications that may be candidates for cleanup #### Review service principal usage * Filter **System Sign-In = Yes** * Inspect last system sign-in and service principal type * Validate automation and integration dependencies #### Validate application ownership * Filter applications **without an owner** * Identify apps that require ownership assignment for governance #### Support audits and security reviews * Identify dormant applications with active credentials * Validate applications with SCIM or long-lived credentials * Support least-privilege and lifecycle management initiatives