Azure AD Applications - Needs
- Allow applications in Azure AD to be organised into folders so business units who work in this space can 'claim' applications.
- Provide the ability to rename applications or application instances once created.
- Provide visbility of what user created an application.
- Provide the ability to 'lock' applications from being accidently deleted.
- Deletion of applications requires X global admins to approve, at the moment a rogue admin could destroy an SSO setup for an entire company in minutes...
Thank you for your feedback, some of the suggestions are already available:
- Ability to rename applications
- Provide visibility of what users created an application: You can use audit activity reports: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-activity-audit-logs
Regarding the other suggestions, I’ll update this once it’s a planned feature. In the meantime, keep the voting coming so we can prioritize this higher.
Eric C Kool-Brown commented
Auditing who created an app/SP using ALA is a bit of a pain. It would be trivial to automatically set the first app/SP owner to the account that creates it. Please consider doing this.
Ghisaidoobe, Rochen commented
I do like the idea of free form tagging as at that moment you can decide to either tag by Business or by Type (HR, IT, Finance, Sales).
Another idea, and this maybe a step too far for now, could also be to have an area for suggested apps. And these apps would then be populated by popularity of usage of apps by your peers. Of course all will be security trimmed and you will only see apps which you are allowed to see.
Regarding "Allow applications in Azure AD to be organised into folders so business units who work in this space can 'claim' applications" - We are exploring enabling tagging applications. Would a capability where we allow free-form tagging be helpful to address this? That way you can "tag" applications based on the business unit.