# Unused Applications

### Purpose

The **Unused Applications** report helps identify **Entra ID applications that are not actively used** in the tenant.\
Its primary goal is to support:

* Application lifecycle management
* Security posture improvement
* License and cost optimization
* Reduction of attack surface

By highlighting applications that show **no signs of usage or integration**, the report enables owners and administrators to make informed decisions about **retirement, cleanup, or further investigation**.

***

### What this report shows

This report lists **all applications** in the selected tenant and evaluates whether they are **in use** based on multiple technical signals.

Each row represents **one application registration or enterprise application**, enriched with ownership, configuration, and usage indicators.

The report is intentionally designed so that:

> **The list should be as empty as possible.**

An empty or short list indicates good application hygiene.

***

### Key concepts and definitions

#### Application

An application registered in **Microsoft Entra ID**, including:

* Enterprise applications
* App registrations
* Microsoft-managed and third-party apps
* Service principals and managed identities

***

#### App In Use (important)

**App In Use** is a derived indicator used to determine whether an application is considered active.

**Definition:**

> **App In Use = No**\
> If the application:
>
> * Is **not used by end users**, **and**
> * Is **not used by a service principal or managed identity**, **and**
> * Does **not have SCIM configured**

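> **App In Use = Yes**\
> If **any one** of these signals is present: the application is used by end users, is used by a service principal or managed identity, or has SCIM configured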

This means an application is considered *in use* even if:

* It is only used by automation
* It is only used for provisioning (SCIM)
* It has no recent user sign-ins

***

#### Enabled

Indicates whether the application is currently **enabled** in Entra ID.

* **Yes** – Application can authenticate or be used
* **No** – Application is disabled but still exists

Disabled applications may still represent technical debt and should be reviewed.

***

#### SCIM configured

Shows whether the application has **SCIM provisioning** enabled.

* Applications with SCIM configured are treated as **in use**, even without sign-ins
* Common for HR systems, SaaS apps, and identity lifecycle tools

***

#### Verified publisher

Displays whether the application publisher is **verified by Microsoft**.

* Useful for trust and risk assessment
* Especially relevant when reviewing unused third-party applications

***

### How to use this report

#### 1. Identify unused applications

By default, focus on applications where:

* **App In Use = No**
* **Enabled = Yes**

These are the **highest-priority cleanup candidates**.

***

#### 2. Filter and narrow scope

Use slicers at the top to focus your review:

* **Enabled** – Focus on enabled but unused apps
* **Application owner** – Review apps without clear ownership
* **Type** – Separate enterprise apps from app registrations
* **Tenant** – Useful in multi-tenant environments
* **Search** – Quickly locate a specific application

***

#### 3. Review application details

Use the **Column Selector** to customize the table view. Commonly useful columns include:

* Application owner
* App In Use
* SCIM configured
* Verified publisher
* License costs
* Creation date

This allows different teams (security, IAM, finance) to review the same data from different perspectives.

***

#### 4. Take action

For each unused application, consider:

| Question                         | Recommended action                  |
| -------------------------------- | ----------------------------------- |
| Is the application still needed? | Validate with the application owner |
| No owner assigned?               | Assign an owner before any decision |
| Legacy or test app?              | Decommission if no longer required  |
| Third-party app with no usage?   | Remove or disable                   |
| Disabled but still listed?       | Clean up to reduce clutter          |
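
The **App In Use** definition and the review steps above, expressed as logic over constructed sample records. This is an added example, not code from the product: the field names, the sample applications, and the order in which the table's rules are applied are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class App:
    # Field names are assumptions for this example, not the report's schema.
    name: str
    enabled: bool
    used_by_end_users: bool
    used_by_service_identity: bool  # service principal or managed identity
    scim_configured: bool
    owner: Optional[str] = None

def app_in_use(app: App) -> bool:
    """'Yes' if any one signal is present; 'No' only when all three are absent."""
    return (app.used_by_end_users
            or app.used_by_service_identity
            or app.scim_configured)

def triage(app: App) -> Optional[str]:
    """Map an unused app to an action from the table; None if the app is in use.
    Ownership is checked first because the table says to assign an owner
    before any decision (precedence is an assumption of this example)."""
    if app_in_use(app):
        return None
    if not app.owner:
        return "Assign an owner before any decision"
    if not app.enabled:
        return "Clean up to reduce clutter"
    return "Validate with the application owner"

def review_queue(apps):
    """Unused apps only, enabled ones first (step 1's cleanup candidates)."""
    unused = [a for a in apps if not app_in_use(a)]
    unused.sort(key=lambda a: (not a.enabled, a.name))
    return [(a.name, triage(a)) for a in unused]

# Constructed sample data.
SAMPLE = [
    App("hr-provisioning", True, False, False, True, "iam-team"),    # SCIM only
    App("nightly-export", True, False, True, False, "data-team"),    # automation only
    App("old-poc-portal", True, False, False, False, "alice"),
    App("orphaned-connector", True, False, False, False, None),
    App("retired-crm", False, False, False, False, "bob"),
]

if __name__ == "__main__":
    for name, action in review_queue(SAMPLE):
        print(f"{name}: {action}")
```

The "legacy or test app" and "third-party app" rows of the table need context that these three signals do not carry, so they stay a manual judgment in this sketch.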

***

### Governance and security value

Regular review of this report helps:

* Reduce unused credentials and secrets
* Limit exposure to stale service principals
* Improve audit readiness
* Lower licensing and operational costs
* Maintain a clean and understandable application landscape

