Entra ID

Latest Articles

Practical Graph: Tracking Critical App Actions Through Audit Events

App management audit events are captured when changes are made to Entra registered and enterprise apps. Critical app management audit events should be closely monitored to ensure that permissions are used properly and attackers haven't attempted to penetrate the tenant to extract data. This article explains how to find and analyze audit data for some critical app management audit events and run the code as an Azure Automation runbook.

July 8, 2025

Practical Graph: Use App Management Policies to Control App Credentials

App secrets are used to authenticate registered apps with Entra ID. App secrets (or passwords) are convenient and easy to use, but they're relatively insecure. The default app management policy for the tenant can block app secrets while custom app management policies can allow selective apps to use app secrets for testing or other well-defined purposes. All explained here.

May 5, 2025