Discover and triage modern apps

Implementation Effort: Medium – Requires coordination across IT, security, and application teams to inventory and assess applications, but can be streamlined with available tools.

User Impact: Low – The discovery and triage process is conducted by administrators without direct user involvement or disruption.

Overview

Discovering and triaging modern applications involves identifying all applications in use within the organization, including those not previously managed by IT (often referred to as "shadow IT"), and evaluating their security posture, supported authentication protocols and methods, and compliance with organizational policies. This process is essential for establishing a comprehensive application inventory, understanding access patterns, and identifying potential security risks.

In the context of Zero Trust, this activity aligns with the principle of Verify explicitly by ensuring that all applications are known and can be subjected to authentication and authorization policies. It also supports Assume breach by identifying applications that may be vulnerable or misconfigured, thereby reducing the attack surface.

Failure to perform thorough discovery and triage can result in unmanaged applications that bypass security controls, use weak or legacy authentication methods, or have excessive permissions, increasing the risk of data breaches and unauthorized access.

Reference

• Phase 1: Discover and scope apps
• Five steps to integrate your apps with Microsoft Entra ID
• Configure Microsoft Entra for increased security (Preview)
• Integrating Microsoft Entra ID with applications getting started guide