Skip to main content
Version: Insiders
BasicProfessional

Maintain Accountability with Ownership

This guide explains how to establish and maintain clear ownership of applications to ensure accountability and manage organizational changes effectively.

Prerequisites

  • Admin access - Access to the Admin portal
  • Basic or Professional plan - Ownership features are available in both plans
  • List of known owners - Initial inventory of who owns which applications

Why ownership matters

Clear ownership ensures:

  • Someone is responsible for each application
  • Changes in your organization are tracked
  • Credential renewals and policy compliance are handled
  • You know who to contact when issues arise

Step 1: Assign owners

Start by establishing who owns the applications you're aware of.

Option A: Manual assignment via Manage section

  1. Go to Admin > Manage
  2. Select either App Registrations or Enterprise Applications
  3. Click on an application to view details
  4. Go to the Owners tab
  5. Click Add owner and select:
    • Application owner (Entra ID owner)
    • Technical owner (operational responsibility)
    • Business owner (business justification)
  6. Search and select users from your directory
  7. Click Save

Option B: Bulk import

If you have many applications:

  1. Prepare a CSV or spreadsheet with:

    • Application name or ID
    • Application owners (Entra ID owners)
    • Technical owners
    • Business owners

  2. Go to Admin > Manage

  3. Click Import

  4. Upload your file following the import template

  5. Review and confirm the import

Option C: Assign from the App

Owners can also be assigned directly from the EasyLife 365 Identity App:

  1. Open the EasyLife 365 Identity App
  2. Navigate to the application
  3. Click Owners or Manage owners
  4. Add the appropriate owner types
  5. Click Save

Step 2: Identify owner types needed

Decide which owner types your organization needs for each application:

Application owner (Entra ID)

Required for: All applications

  • Ensures someone has administrative access
  • Can manage credentials and configuration
  • Should be a person or service account that won't leave
  • Minimum: 1 per application

Technical owner

Useful for: Developer-owned apps, complex integrations

  • Handles day-to-day technical tasks
  • Manages credentials and troubleshooting
  • Doesn't need full Entra ID ownership
  • Consider: 1 per application in most cases

Business owner

Useful for: High-value apps, third-party integrations, apps with licensing costs

  • Verifies business justification
  • Approves major changes or decommissioning
  • Handles budget and license allocation
  • Consider: 1 for standard apps, 2 for high-value apps

Step 3: Enable minimum ownership policy

Once you have initial ownership established, enforce it with policies.

  1. Go to Admin > Policies > Create new

  2. Choose App Registration Policy or Enterprise Application Policy

  3. Configure ownership rules:

    Standard policy:

    • Minimum application owner: 1
    • Minimum technical owner: 1
    • Minimum business owner: 0 (optional)

    High-accountability policy:

    • Minimum application owner: 1
    • Minimum technical owner: 1
    • Minimum business owner: 1

  4. Set notifications: 3 notifications, 7 days apart

  5. Set escalation: Email to IT governance team

  6. Click Save

Step 4: Assign policies

Now that you have policies defined:

  1. Go to Admin > Policies
  2. For each policy, click the three-dot menu
  3. Select Set as default (recommended) OR
  4. Manually assign to specific applications:
    • Go to Manage
    • Click on an application
    • Assign the appropriate policy
tip

Setting a default policy ensures new applications are automatically governed. You can assign stricter policies to specific high-value apps.

Step 5: Automatic tracking through policies

Once policies are enabled, ownership changes are tracked automatically:

  • Policy workflows trigger when applications become non-compliant (missing required owners)
  • Notifications are sent to current owners alerting them of missing ownership requirements
  • Escalations occur if non-compliance persists beyond the notification period
  • Compliance dashboard shows which applications need attention

You don't need to manually monitor - the system handles it automatically.

Step 6: Handle departures and transitions

When someone leaves or changes roles:

  1. Remove them as owner from affected applications
  2. Applications automatically become non-compliant if they were the only owner of a required type
  3. Policy workflows trigger automatically, notifying remaining owners
  4. Remaining owners add replacements based on the notifications they receive
  5. Compliance is restored once new owners are assigned

This automated workflow ensures departures are handled systematically without manual tracking.