If you are unfamiliar with Microsoft Entra ID (formerly Azure Active Directory) and enterprise app security, you should take steps to change that. Application governance is complex, so its intricacies and importance tend to be overlooked when organizations first create a cloud security strategy. However, failing to properly secure and monitor Entra ID can result in data breaches and monetary loss.
Questions to ask yourself
It starts with asking yourself the following questions:
- Do you know how many Enterprise Apps are in your tenant without admin consent?
- Do you know how many apps have credentials expiring?
- Do you know how many apps in your tenant are considered high-risk or over-privileged?
Ignorance is not bliss; these scenarios (along with many others) present a massive risk to your organizational data residing in Microsoft 365 and should not be ignored.
Where should you begin?
To create or improve your application governance policy, you must understand essential concepts such as Entra ID app registration, enterprise apps, tenants, and consent, and how they work together. You can read a recent article I wrote on these topics over on the Petri site: Microsoft Entra ID App Registration and Enterprise App Security Explained.
You understand Entra ID – what now?
Once you grasp the fundamentals and create an application governance policy, the next hurdle is ensuring it’s implemented, maintained and acted upon. This requires adequate oversight to ensure that your organization stays secure and that users aren’t continuously and unknowingly integrating risky apps into Entra ID. My part-2 article on Petri, How to Properly Secure and Govern Microsoft Entra ID Apps, shares some important first steps to creating your app gov policy. The second half of the article walks through ENow’s AppGov Score assessment tool, which I’ve found to supply clear and immediate analysis and guidance around Entra ID enterprise applications, app registrations, and tenant settings.
A quick but meaningful step to improve your Entra ID security today
Over the past few months, I’ve provided ENow Software with input on critical identity best practices, which they’ve incorporated into a new free utility that will quickly quantify the state of your organization’s Microsoft Entra ID application governance. The ENow Application Governance Assessment Report performs over 24 checks against your tenant and gives you an AppGov Score.
If you get stuck, the AppGov Score provides the baseline needed to expose urgent threats and gaps in your governance policy, so you can focus your remediation efforts where they matter most.