Professional

Identify and Remove Unused Applications

This guide explains how to use EasyLife 365 Identity to identify unused applications and safely remove them from your Microsoft Entra ID tenant.

Important

EasyLife 365 Identity helps you identify unused applications based on sign-in activity, but you should always double-check and consider internal organizational decisions before disabling or deleting applications. Some applications may be legitimately inactive but still necessary (emergency tools, backup systems, seasonal applications).

Prerequisites

• Professional plan - Activity monitoring requires the Professional plan
• Admin access - Access to the Admin portal

Step 1: Wait for the automatic scan

EasyLife 365 Identity automatically scans all enterprise applications each night to collect the last sign-in data. This scan runs without any configuration needed.

After the first scan completes, you'll have activity data available for all enterprise applications in your tenant.

Step 2: Access the Manage section

1. Go to Admin > Manage
2. You'll see all enterprise applications in your tenant with their last sign-in information

Step 3: Sort by last sign-in date

1. Look for the Last sign-in or Activity column
2. Click the column header to sort by date
3. Applications with no sign-ins or very old sign-ins will appear at the top (or bottom, depending on sort order)

Step 4: Review applications for removal

Identify applications that are candidates for removal:

1. No sign-ins ever - Applications that have never been used
2. Old sign-ins - Applications with last sign-in dates months or years ago (e.g., 90+ days, 180+ days)
3. Consider exceptions - Some apps may be legitimately inactive:
   • Emergency recovery applications
   • Disaster recovery tools
   • Seasonal applications (year-end close, annual reviews)
   • Backup systems
   • Development/test applications that are rarely used

Step 5: Check ownership

Before taking action:

1. Click on each unused application to view details
2. Check the Application owners, Technical owners, and Business owners
3. Contact the owners to confirm the application is no longer needed

Step 6: Disable authentication (optional first step)

If you've confirmed an application is unused but want to be cautious:

1. In the Manage section, click the unused application
2. Disable authentication or revoke credentials to prevent any access
3. This effectively stops the application from working without permanently deleting it

This gives you time to monitor if anyone tries to access it before permanent deletion (typically 30-90 days).

Step 7: Delete the application

After the grace period with authentication disabled:

1. Confirm no one has complained about the disabled app
2. Go to the application in Manage
3. Click Delete or Remove
4. In Microsoft Entra ID, permanently remove the application

Step 8: Implement continuous monitoring (optional)

Once your initial cleanup is done, you can implement continuous analysis using the activity policy to be automatically informed about unused applications.

Configure an activity policy

1. Go to Admin > Policies

2. Click Create new > Enterprise Application Policy

3. Configure the policy:

   • Title: "Continuous Unused Application Detection"
   • Activity rule: Set to 90 days (or adjust based on your organization's usage patterns)
   • Notifications: 2 notifications, 14 days apart
   • Escalation: Email to IT governance team

4. Click Save

5. Assign this policy to all enterprise applications or set it as the default

Now you'll receive automatic notifications when applications become inactive, allowing you to take action proactively rather than running manual reviews.