Unused Applications

Purpose

The Unused Applications report helps identify Entra ID applications that are not actively used in the tenant. Its primary goal is to support:

• Application lifecycle management

• Security posture improvement

• License and cost optimization

• Reduction of attack surface

By highlighting applications that show no signs of usage or integration, the report enables owners and administrators to make informed decisions about retirement, cleanup, or further investigation.

What this report shows

This report lists all applications in the selected tenant and evaluates whether they are in use based on multiple technical signals.

Each row represents one application registration or enterprise application, enriched with ownership, configuration, and usage indicators.

The report is intentionally designed so that:

The list should be as empty as possible.

An empty or short list indicates good application hygiene.

Key concepts and definitions

Application

An application registered in Microsoft Entra ID, including:

• Enterprise applications

• App registrations

• Microsoft-managed and third-party apps

• Service principals and managed identities

App In Use (important)

App In Use is a derived indicator used to determine whether an application is considered active.

Definition:

App In Use = No If the application:

• Is not used by end users, and

• Is not used by a service principal or managed identity, and

• Does not have SCIM configured

App In Use = Yes If any one of the above conditions is true

This means an application is considered in use even if:

• It is only used by automation

• It is only used for provisioning (SCIM)

• It has no recent user sign-ins

Enabled

Indicates whether the application is currently enabled in Entra ID.

• Yes – Application can authenticate or be used

• No – Application is disabled but still exists

Disabled applications may still represent technical debt and should be reviewed.

SCIM configured

Shows whether the application has SCIM provisioning enabled.

• Applications with SCIM configured are treated as in use, even without sign-ins

• Common for HR systems, SaaS apps, and identity lifecycle tools

Verified publisher

Displays whether the application publisher is verified by Microsoft.

• Useful for trust and risk assessment

• Especially relevant when reviewing unused third-party applications

How to use this report

1. Identify unused applications

By default, focus on applications where:

• App In Use = No

• Enabled = Yes

These represent the highest cleanup candidates.

2. Filter and narrow scope

Use slicers at the top to focus your review:

• Enabled – Focus on enabled but unused apps

• Application owner – Review apps without clear ownership

• Type – Separate enterprise apps from app registrations

• Tenant – Useful in multi-tenant environments

• Search – Quickly locate a specific application

3. Review application details

Use the Column Selector to customize the table view. Commonly useful columns include:

• Application owner

• App In Use

• SCIM configured

• Verified publisher

• License costs

• Creation date

This allows different teams (security, IAM, finance) to review the same data from different perspectives.

4. Take action

For each unused application, consider:

Governance and security value

Regular review of this report helps:

• Reduce unused credentials and secrets

• Limit exposure to stale service principals

• Improve audit readiness

• Lower licensing and operational costs

• Maintain a clean and understandable application landscape