Application Activity
Applications don't just get created—they also get forgotten. SaaS integrations from completed projects, service principals from old automation scripts, and third-party apps nobody uses anymore sit idle in your tenant, consuming licenses, creating security risks, and cluttering your application portfolio.
The business problem:
- Unused applications waste SaaS licenses and subscription costs
- Dormant integrations increase attack surface
- No visibility into which applications are actually being used
- Manual usage reviews require significant effort and are rarely done
- Inherited applications from M&A may no longer be needed
- Security teams can't prioritize remediation without usage context
Benefits
Automated activity tracking enables data-driven application portfolio management:
✅ Optimize license costs - Identify and remove unused SaaS subscriptions
✅ Reduce security risks - Remove dormant integrations that could be exploited
✅ Support compliance - Demonstrate periodic access reviews and cleanup
✅ Enable informed decisions - Know which applications are actually used before decommissioning
✅ Automate portfolio cleanup - Policy-based detection of inactive applications
✅ Simplify M&A integration - Quickly identify inherited applications that can be retired
✅ Provide usage evidence - Objective sign-in data for application rationalization
How activity tracking works
Application activity tracks whether enterprise applications are still being used, providing a key signal for visibility, governance, and policy enforcement.
Overview
Activity represents recent sign-in usage for enterprise applications. Rather than tracking individual users or events, it focuses on whether an application itself has been used recently.
This helps identify:
- Actively used applications
- Dormant or abandoned integrations
- Candidates for review, cleanup, or decommissioning
Activity tracking applies only to enterprise applications (service principals). App registrations are not directly tracked, because activity is measured at the service principal level. Whether an enterprise application shows activity therefore indicates whether its associated app registration is still required.
Sign-in types
Four types of sign-ins are evaluated for activity:
- Interactive user sign-ins — User actively authenticates through a browser or client application
- Non-interactive user sign-ins — Background token operations on behalf of a user, such as silent token refresh
- Service principal sign-ins — Application authenticates using its own identity via client credentials
- Managed identity sign-ins — Sign-ins from Azure managed identities
Any of these sign-in types counts as activity for policy and governance purposes.
Data refresh: Activity data is scanned and refreshed once per day.
Usage in EasyLife 365 Identity Insiders
Visibility
Activity information is available in the Manage section, where administrators can:
- Review when an enterprise application was last used
- Inspect recent activity across different sign-in types
- Identify inactive or low-usage applications
- Support rationalization, cleanup, and security reviews
Policy enforcement
Activity rules in policies can require that an enterprise application has been signed in to within the last X days. If no qualifying activity is detected, the application becomes non-compliant and follows the notification and escalation flow described in Policies.
Manual extension
Some applications remain critical even with infrequent use. Owners can manually extend an application's activity directly from EasyLife 365 Identity Insiders:
- Extension does not generate an actual sign-in in Entra ID
- From a policy perspective, the application is treated as recently active
- Extension applies for the configured number of days
This allows snoozing activity-based policy violations while maintaining accountability.
By combining real sign-in data with controlled manual extensions, activity tracking ensures inactive applications are surfaced automatically while legitimate exceptions remain explicit and auditable.
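
The activity rule and manual extension described above, sketched as an added example (this is not EasyLife 365 code). The record field names, the 90-day and 30-day values, and the reading that an extension stays in effect for the configured number of days from the moment it is granted are all assumptions.

```python
from datetime import datetime, timedelta, timezone

# The four sign-in types the page lists; these key names are hypothetical.
SIGN_IN_TYPES = ("interactive_user", "non_interactive_user",
                 "service_principal", "managed_identity")

def evaluate_activity(app, now, max_inactive_days, extension_days):
    """Return (status, last_sign_in); status is active, extended or non_compliant."""
    stamps = [app["last_sign_in"].get(t) for t in SIGN_IN_TYPES]
    stamps = [s for s in stamps if s is not None]
    last = max(stamps) if stamps else None  # any sign-in type counts as activity
    if last is not None and now - last <= timedelta(days=max_inactive_days):
        return "active", last
    # Assumption: an extension is in effect for extension_days from when the
    # owner granted it. It is reported apart from real sign-ins so the
    # exception stays visible in reviews.
    granted = app.get("extended_at")
    if granted is not None and granted <= now < granted + timedelta(days=extension_days):
        return "extended", last
    return "non_compliant", last

def days_ago(n, now):
    return now - timedelta(days=n)

# Constructed sample data, not taken from a real tenant.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
APPS = [
    {"name": "hr-portal",
     "last_sign_in": {"interactive_user": days_ago(3, NOW),
                      "non_interactive_user": days_ago(1, NOW)}},
    {"name": "legacy-sync",
     "last_sign_in": {"service_principal": days_ago(200, NOW)}},
    {"name": "year-end-reporting",
     "last_sign_in": {"interactive_user": days_ago(150, NOW)},
     "extended_at": days_ago(10, NOW)},
    {"name": "never-used", "last_sign_in": {}},
    {"name": "expired-extension",
     "last_sign_in": {"managed_identity": days_ago(400, NOW)},
     "extended_at": days_ago(45, NOW)},
]

def report(apps, now=NOW, max_inactive_days=90, extension_days=30):
    return {a["name"]: evaluate_activity(a, now, max_inactive_days, extension_days)[0]
            for a in apps}

if __name__ == "__main__":
    for name, status in report(APPS).items():
        print(f"{name:20} {status}")
```

Reporting "extended" as its own status, rather than folding it into "active", keeps snoozed applications distinguishable from ones with real sign-ins.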