MC1387572: Microsoft Defender for Cloud Apps: App governance expands to all Entra service principals
Microsoft Defender for Cloud Apps will expand app governance to include all Microsoft Entra service principals, enhancing visibility and security by incorporating Entra role assignments into privilege classification. The rollout starts late June 2026, increasing app visibility, alerts, and requir...
[What and Why:]
We are expanding app governance in Microsoft Defender for Cloud Apps to include all Microsoft Entra service principals, not just those with API permissions. This enhancement improves visibility into non-human identities and strengthens your organization's security posture. We are also starting to provide visibility into the Entra roles assigned to service principals. Additionally, we are incorporating Entra role assignments into privilege classification, giving administrators a more accurate view of application risk and strengthening security, governance, and compliance.
[Rollout Schedule:]
- We will begin rolling out in late June 2026 and expect to complete by early July 2026.
[Impact on Your Organization:]
Who is affected: Security administrators, identity administrators, and SOC teams managing Microsoft Defender for Cloud Apps and Microsoft Entra ID.
Platforms/Services: Microsoft Defender for Cloud Apps, Microsoft Entra ID
What will happen:
- All Entra service principals (excluding managed identities and Microsoft first-party apps) will now be visible in app governance.
- Privilege classification will consider both:
  - API permissions
  - Entra role assignments
- Apps will be classified as:
  - High privilege (high-risk API permissions or Entra roles)
  - Medium privilege
  - Low privilege
- You may see a significant increase in total apps displayed.
- The number of high-privilege apps may increase due to role-based evaluation.
- Existing custom policies will evaluate against a broader set of service principals, potentially increasing alerts.
- The feature is enabled by default with no configuration required.
[Action Required / Recommendations:]
No action is required for the rollout. However, to prepare:
- Inform your SOC and security teams about:
  - Increased visibility of service principals
  - Potential increase in alerts
- Review and adjust custom app governance policies to:
  - Refine scope
  - Reduce potential alert fatigue
- Update internal monitoring and triage processes if needed.
- Review app privilege classifications to identify newly surfaced high-risk service principals.
Learn more: App governance visibility and insights - Microsoft Defender for Cloud Apps | Microsoft Learn (will be updated before rollout)
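To get ahead of the rollout, it helps to know today which service principals hold Entra role assignments, since those are the ones that role-based evaluation can move into the high-privilege bucket. The script below is an added example, not part of this Message Center post or of Microsoft's own tooling: it uses the Microsoft Graph PowerShell SDK to list every service principal (managed identities skipped, as the announcement states they are out of scope) that holds an active directory role, resolves the role names, and flags the ones whose roles you treat as high risk. The requested scopes, the high-risk role list, and the Microsoft tenant IDs used to skip first-party apps are assumptions to adjust for your tenant.

```powershell
# Added example: preview service principals that carry Entra role assignments
# into app governance's privilege classification. Requires the Microsoft.Graph
# PowerShell SDK. Scopes below are an assumption; least privilege read scopes
# are enough because the script only reads.
Connect-MgGraph -Scopes 'Application.Read.All', 'RoleManagement.Read.Directory' -NoWelcome

# Resolve role definition ids to display names once, instead of per assignment.
$roleDefs = @{}
Get-MgRoleManagementDirectoryRoleDefinition -All |
    ForEach-Object { $roleDefs[$_.Id] = $_.DisplayName }

# Which roles count as high risk is a local policy decision; this list is an assumption.
$highRiskRoles = @(
    'Global Administrator', 'Privileged Role Administrator',
    'Application Administrator', 'Cloud Application Administrator',
    'Exchange Administrator', 'SharePoint Administrator', 'User Administrator'
)

# Well-known Microsoft tenant ids (assumption: verify for your environment) used to
# approximate the "Microsoft first-party apps" exclusion described in the announcement.
$microsoftTenants = @('f8cdef31-a31e-4b4a-93e4-5f571e91255a', '72f988bf-86f1-41af-91ab-2d7cd011db47')

$servicePrincipals = Get-MgServicePrincipal -All `
    -Property Id, AppId, DisplayName, ServicePrincipalType, AppOwnerOrganizationId |
    Where-Object {
        $_.ServicePrincipalType -ne 'ManagedIdentity' -and
        $microsoftTenants -notcontains $_.AppOwnerOrganizationId
    }

# All active directory role assignments in the tenant (users, groups and service
# principals alike), indexed by principal id so each SP is a single hashtable lookup.
$assignments = Get-MgRoleManagementDirectoryRoleAssignment -All |
    Group-Object -Property PrincipalId -AsHashTable -AsString

$report = foreach ($sp in $servicePrincipals) {
    if (-not $assignments -or -not $assignments.ContainsKey($sp.Id)) { continue }

    $roles = @($assignments[$sp.Id] | ForEach-Object { $roleDefs[$_.RoleDefinitionId] })
    $flagged = @($roles | Where-Object { $highRiskRoles -contains $_ })

    [pscustomobject]@{
        DisplayName = $sp.DisplayName
        AppId       = $sp.AppId
        Type        = $sp.ServicePrincipalType
        Roles       = ($roles -join '; ')
        HighRisk    = ($flagged.Count -gt 0)
    }
}

# High-risk holders first; export to CSV if the SOC wants a baseline to diff after rollout.
$report | Sort-Object -Property HighRisk, DisplayName -Descending | Format-Table -AutoSize
```

Two caveats when reading the output. `Get-MgRoleManagementDirectoryRoleAssignment` returns active assignments only, so PIM-eligible roles are not listed. And the script looks at roles alone; app governance's classification also weighs API permissions, so an app with no role can still land in the high-privilege bucket. The value of running this before late June is a baseline: any high-privilege app that appears after rollout and is not in this list got there through its permissions, which narrows the review.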
[Compliance considerations:]
- Admins gain expanded monitoring and reporting visibility across all service principals.