Self-managed Applications
Not every application needs credential expiration alerts. Platform teams may rotate credentials automatically, third-party services manage their own certificates, and infrastructure identities are handled by automation pipelines. Sending unnecessary notifications for these applications creates alert fatigue and reduces trust in the system.
The business problem:
- Notifications for externally-managed credentials create noise
- Platform teams receive irrelevant alerts for automated credential rotation
- Microsoft-managed identities don't need manual intervention
- Alert fatigue reduces attention to applications that actually need action
- No way to distinguish self-managed apps from neglected ones
- Manual filtering of irrelevant notifications wastes time
Benefits
Selective exclusion improves focus and reduces noise:
✅ Reduce alert fatigue - Stop sending notifications for credentials managed elsewhere
✅ Improve notification relevance - Focus on applications that need manual attention
✅ Support automation - Allow platform teams to manage credentials programmatically
✅ Maintain visibility - Keep self-managed apps visible for governance and ownership tracking
✅ Scale efficiently - Automatically exclude entire classes of platform-managed applications
✅ Preserve governance - Ownership and activity policies still apply to self-managed apps
✅ Enable flexible control - Reverse self-managed status when requirements change
How self-managed applications work
Some applications have their credentials managed externally — by platform teams, third-party services, or automated pipelines — and don't need expiration warnings or remediation workflows in EasyLife 365 Identity Insiders.
Self-managed applications let you exclude these from credential monitoring while keeping them visible for governance and reporting.
Overview
A self-managed application is one whose credentials are intentionally excluded from expiration monitoring and notifications.
When marked as self-managed:
- Expiring or expired credentials do not trigger notifications or tasks
- The application remains visible in dashboards and reports
- Ownership and non-credential policies still apply
This keeps EasyLife 365 Identity Insiders focused on applications that require active credential management.
Use cases
Self-managed applications are ideal for:
- Applications managed by central platform or security teams
- Third-party integrations with externally rotated credentials
- System or infrastructure identities managed by automation
- Service principals owned by Microsoft or other trusted providers
Configuration
Applications can become self-managed in three ways:
Manual override
Application owners and administrators can explicitly mark individual applications as self-managed from the application's Settings page. This applies immediately and overrides automatic classification.
Automatic classification by owner
Administrators can configure a list of well-known owners in Settings. Applications owned by these identities are automatically treated as self-managed.
This scales well when entire classes of applications are managed externally.
Built-in defaults
EasyLife 365 Identity Insiders includes a predefined list of well-known service principals (typically Microsoft-managed applications and platform identities) that are self-managed by default.
Administrators can:
- Remove default entries if stricter oversight is needed
- Add custom service principals or users to the list
Governance
Self-managed status is an explicit governance decision, not a permanent exclusion:
- Ownership information remains visible
- Non-credential policies (activity, ownership rules) still apply
- Administrators can reverse self-managed status at any time
This ensures flexibility without sacrificing visibility or control.