check before: 2026-03-01
Product:
Entra, Microsoft Graph
Platform:
Developer, Web, World tenant
Status:
In development
Change type:
Links:
Details:
Admins or app owners can now safely pause an app’s access to Entra protected resources without deleting it or disrupting configuration. When deactivated, the app and its service principals globally (across tenants) can’t request new tokens and user sign ins are blocked, while existing tokens simply expire on their normal schedule. This makes it easy for admins to temporarily freeze suspicious or unused apps during investigations, bulk cleanup, or tenant hygiene work. This capability will initially be available via Microsoft Graph API.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2026-01-13
updated:
2026-01-13
Public Preview Start Date
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
More Info URL
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
User Access Disruption
Deactivating an app will block user sign-ins, preventing access to services that rely on the app, which can lead to user frustration and decreased productivity.
- roles: End Users, IT Support Staff
- references: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/deactivate-application-portal
Service Interruption
Existing tokens will expire normally, but new tokens cannot be requested, potentially interrupting services that depend on the app for authentication.
- roles: Application Owners, System Administrators
- references: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/deactivate-application-portal
Increased Support Tickets
Users may experience issues accessing applications, leading to an increase in support tickets and queries directed at IT support.
- roles: IT Support Staff, Help Desk Agents
- references: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/deactivate-application-portal
Operational Delays
If an app is deactivated without prior notice, it may cause delays in business operations that rely on that app, affecting overall efficiency.
- roles: Business Analysts, Project Managers
- references: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/deactivate-application-portal
Security Risks
While the app is deactivated, there may be a false sense of security, leading to potential oversight of other security vulnerabilities in the system.
- roles: Security Analysts, Compliance Officers
- references: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/deactivate-application-portal
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Enhanced Security Management
The ability to deactivate apps without deleting them allows for improved security management. Admins can quickly freeze access to potentially compromised applications, minimizing risk during investigations. This proactive approach enhances overall security posture.
- next-steps: Train IT security teams on the new deactivation feature and establish protocols for identifying and deactivating suspicious apps.
- roles: IT Security Team, System Administrators, Compliance Officers
- references: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/deactivate-application-portal
Streamlined Tenant Hygiene Processes
Deactivating unused applications simplifies tenant hygiene tasks. By allowing admins to pause access rather than removing apps, organizations can maintain better control over their app landscape, making it easier to manage and audit applications regularly.
- next-steps: Develop a periodic review process for applications in the tenant, utilizing the deactivation feature to manage unused apps effectively.
- roles: IT Administrators, Application Owners, Compliance Officers
- references: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/deactivate-application-portal
Cost-Effective App Management
By temporarily deactivating apps instead of deleting them, organizations can avoid potential costs associated with re-implementing applications later. This feature supports better resource allocation and management, particularly for apps that may be needed in the future.
- next-steps: Analyze the current application inventory to identify candidates for deactivation and create a strategy for managing these apps.
- roles: Finance Managers, IT Administrators, Application Owners
- references: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/deactivate-application-portal
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Imagine you have a key that opens a specific door, allowing you access to a room filled with valuable resources. Now, suppose you suspect that someone might be using a duplicate of your key without your permission, or perhaps you just want to ensure that the room remains secure while you tidy things up. Instead of changing the lock entirely, which can be a hassle and might disrupt other activities, you simply decide to temporarily disable the key. This way, the door remains closed to any new entries, but anyone already inside can continue their work until they naturally leave.
This is similar to what Microsoft Entra is offering with its new app deactivation feature. Administrators or app owners can pause an app's access to Entra-protected resources without deleting the app or altering its configuration. When an app is deactivated, it can't request new access tokens, and user sign-ins are blocked. However, any existing tokens will continue to function until they expire as scheduled. This approach allows for a non-disruptive way to manage and secure applications, especially when dealing with suspicious activities or during routine maintenance.
This feature is particularly useful during investigations, bulk cleanups, or when maintaining the overall health of the system. It's like having the ability to freeze access temporarily without the need for drastic measures, ensuring that everything remains under control while you address any concerns. Initially, this capability will be available through the Microsoft Graph API, allowing for easy integration and management within existing systems.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 3 weeks ago ago
