The first place to get started is the app governance dashboard at https://aka.ms/appgovernance. Note that your sign-in account must have one of these app governance administrator roles to view any app governance data.
You can also access the app governance dashboard from Office 365 > Microsoft 365 Defender > App governance > Overview page.
What’s available on the dashboard
The dashboard contains a summary of the components of the Microsoft 365 app ecosystem in the tenant:
- Tenant summary: The count of key app and alert categories.
- Latest alerts: The 10 most recent active alerts in the tenant
- Data usage: Mouse over each month column in the graph to see the corresponding value.
- Total data usage: Tracks total data accessed by all apps in the tenant through Graph API over the last four calendar months. Currently only includes Mail and File upload/download usage.
- Data usage by resource type: Data usage over the last four calendar months, broken down by resource type. Currently only includes Mail and File upload/download usage
- Optimize app governance with policies: Recommended actions such as creating an app usage or permissions policy.
- App categories: The top apps sorted by these categories:
- All categories: Sorts across all available categories.
- Highly privileged: High privilege is an internally determined category based on platform machine learning and signals.
- Overprivileged: When app governance receives telemetry that indicates that a permission granted to an application hasn’t been used in the last 90 days, that application is overprivileged. App governance must be operating for at least 90 days to determine if any app is overprivileged.
- Unverified publisher: Applications that haven’t received publisher certification are considered unverified.
- App only permissions: Application permissions are used by apps that can run without a signed-in user present. Apps with permissions to access data across the tenant are potentially a higher risk.
- New apps: New Microsoft 365 apps that have been wp-signup.phped in the last seven days.
View app insights
One of the primary value points for app governance is the ability to quickly view app alerts and insights. To view insights for your apps:
- On your app governance portal page, select Apps.
- Use the Categories drop down list to select from the following options:
- All apps
- Highly privileged
- Overprivileged
- Unverified Publisher
- App only
- New apps
- Select the name of an app to view details. Selecting an app name opens a detail pane on the right as shown in the following graphic.
Note
The apps listed will depend on the apps present in your tenant.
Saving the query lets you save the defined list of filters in the current view. This could save time when selecting a subset of data in the future.
The details pane also lets you view the usage of the app over the past 30 days, the users who have consented to the app, and the permissions assigned to the app. An administrator could review the activity and permissions of an app that is generating alerts and make a decision to disable the app using the Disable App button in the Details pane.