Drilldown

Purpose

The Applications – Drilldown report provides a detailed overview of all applications registered in Microsoft Entra ID, with a focus on actual usage.

The report helps you:

• Understand which applications are actively used

• Identify unused or inactive applications

• Track end-user sign-ins and system sign-ins (service principals / managed identities)

• Support cleanup, governance, and security reviews

By combining application metadata with sign-in activity, the report enables data-driven decisions around application lifecycle management.

What problem does this report solve?

Over time, Entra ID tenants accumulate applications that:

• Are no longer used

• Were created for temporary projects

• Are used only by automation or integrations

• Still have credentials, permissions, or owners assigned

This report consolidates usage signals into a single view, making it easier to:

• Detect applications that can be reviewed or decommissioned

• Distinguish between user-driven apps and system-only apps

• Reduce security risk from dormant identities

How to use the report

1. Use slicers to narrow down the scope

The slicer menu allows you to filter applications based on usage, ownership, and sign-in behavior.

Available slicers:

• Applications Displays the total number of applications based on the selected filters.

• Microsoft App Filter between Microsoft-owned applications and third-party / custom applications.

• Enabled Filter applications that are enabled or disabled for sign-in.

• App In Use Indicates whether the application is considered in use.

  Logic:

  • No → No user sign-ins, no system sign-ins, and no SCIM configuration

  • Yes → Used by end-users or service principals / managed identities or has SCIM configured

• User Sign-In Filter applications that have been used by end-users.

• Latest User Sign-In Filter applications based on a specific time period for end-user sign-ins.

• System Sign-In Filter applications that have been used by a service principal or managed identity.

• Application Owner Filter applications where an owner is assigned in Entra ID.

• Type Filter by service principal type (for example Application, Managed Identity, Social IdP, Legacy). Reference: https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser#service-principal-object

2. Analyse application details

The Application Details Table shows one row per application and combines configuration data with usage data, such as:

• Application name

• Creation date

• Application owner

• Enabled status

• App in use indicator

• User count

• Last user sign-in

• Last system sign-in

• Service principal type

• Credential and SCIM information (optional via column selector)

Use the Column Selector to customize which attributes are visible depending on your review scenario.

Typical use cases

Identify unused applications

• Filter App In Use = No

• Combine with Enabled = Yes

• Review applications that may be candidates for cleanup

Review service principal usage

• Filter System Sign-In = Yes

• Inspect last system sign-in and service principal type

• Validate automation and integration dependencies

Validate application ownership

• Filter applications without an owner

• Identify apps that require ownership assignment for governance

Support audits and security reviews

• Identify dormant applications with active credentials

• Validate applications with SCIM or long-lived credentials

• Support least-privilege and lifecycle management initiatives