SOLVED

App governance "Unused app" policy generating too many and wrong alerts


The "Unused app" policy, which can be found in Microsoft 365 Defender > App governance > Policies, keeps generating multiple Alerts for the same two OAuth apps (50 Alerts per day). One of the apps is deleted, and the other app is disabled in Azure AD.

I contacted Microsoft Support and to solve the problem they wanted to disable e-mail notifications for new Microsoft 365 Defender Alerts... The diagnosis was that Microsoft 365 Defender was not communicating with Azure AD, and I should give a one star rating using the Feedback button. This didn't seem satisfactory.

How could I troubleshoot the connection between Microsoft 365 Defender and Azure AD for Cloud Apps, and the wrong Alerts generated by Defender for Cloud Apps?

1 Reply
best response confirmed by Kiril (Steel Contributor)
Solution
Hi Kiril
There is no action required on your side to further troubleshoot the incident.
We have identified and fixed the issue that led to an unusual increase in the creation of app governance alerts. Due to a bug in the recent release, some customers would have received duplicate app governance alerts from around 19th March 2023. We are currently working on resolving/removing the duplicate alerts that were created over the past few days.