Forum Discussion
New Blog | Introducing new and upcoming Entra Recommendations to enhance security and productivity
Managing the myriad settings and resources within your tenant can be daunting. In an era of escalating security risks and an unprecedented global threat landscape, organizations seek trusted guidance to enhance their security posture That’s why we introduced Microsoft Entra Recommendations to diligently monitor your tenant’s status, ensuring it remains secure and healthy. Moreover, they empower you to extract maximum value from the features offered by Microsoft Entra ID. Since the launch of Microsoft Entra recommendations, thousands of customers have adopted these recommendations and resolved millions of resources.
Today, we’re thrilled to announce the upcoming general availability of four recommendations, and another three recommendations in public preview. We’re also excited to share new updates on Identity secure score. These recommendations cover a wide spectrum, including credentials, application health, and broader security settings—equipping you to safeguard your digital estate effectively.
Presenting new and upcoming recommendations- Learn from our best practices.
The following list of new and upcoming recommendations help improve the health and security of your applications:
- Remove unused credentials from applications: An application credential is used to get a token that grants access to a resource or another service. If an application credential is compromised, it could be used to access sensitive resources or allow a bad actor to move latterly, depending on the access granted to the application. Removing credentials not actively used by applications improves security posture and promotes application hygiene. It reduces the risk of application compromise and improves the security posture of the application by reducing the attack surface for credential misuse by discovery.
- Renew expiring service principal credentials: Renewing the service principal credential(s) before expiration ensures the application continues to function and reduces the possibility of downtime due to an expired credential.
- Renew expiring application credentials: Renewing the app credential(s) before its expiration ensures the application continues to function and reduces the possibility of downtime due to an expired credential.
- Remove unused applications: Removing unused applications improves the security posture and promotes good application hygiene. It reduces the risk of application compromise by someone discovering an unused application and misusing it. Depending on the permissions granted to the application and the resources that it exposes, an application compromise could expose sensitive data in an organization.
- Migrate applications from the retiring Azure AD Graph APIs to Microsoft Graph: The Azure AD Graph service (graph.windows.net) was announced as deprecated in 2020 and is in a retirement cycle. It’ is important that applications in your tenant, and applications supplied by vendors that are consented in your tenant (service principals), are updated to use Microsoft Graph APIs as soon as possible. This recommendation reports applications that have recently used Azure AD Graph APIs, along with more details about which Azure AD Graph APIs the applications are using.
- Migrate Service Principals from the retiring Azure AD Graph APIs to Microsoft Graph: The Azure AD Graph service (graph.windows.net) was announced as deprecated in 2020 and is in a retirement cycle. It’ is important that service principals in your tenant, and service principals for applications supplied by vendors that are consented in your tenant, are updated to use Microsoft Graph APIs as soon as possible. This recommendation reports service principals that have recently used Azure AD Graph APIs, along with more details about which Azure AD Graph APIs the service principals are using.
You can find these recommendations that are in general availability on the Microsoft Entra recommendations portal by looking for “Generally Available” under the column titled “Release Type” as shown below.
Read the full post here: Introducing new and upcoming Entra Recommendations to enhance security and productivity