Monitoring application access
While many cloud-based applications and services may use their own identity stores, it is becoming more common for application vendors to allow bring-your-own-identity scenarios. You might see this with websites allowing social media logins or other types of identity.
Like other identity providers, Azure AD identity can be used to authenticate users to external applications. While many of those applications are legitimate (and their use derives from a legitimate business use case), malicious websites or individuals can publish applications to steal data. As part of your operational practices, you should periodically review allowed applications in your environment and remove the authorizations for applications that look suspicious or are no longer being used.
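One way to script the periodic review described above, as an added example that is not from the original text: it checks constructed records whose field names follow Microsoft Graph's servicePrincipal and oauth2PermissionGrant resources. The `lastSignIn` field, the high-impact scope list, the 90-day threshold and all sample apps are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Delegated scopes treated as high-impact for this review (assumed, adjustable list).
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Files.ReadWrite.All",
                    "Directory.ReadWrite.All", "offline_access"}
STALE_AFTER = timedelta(days=90)  # assumed threshold for "no longer being used"

def review_apps(service_principals, grants, now):
    """Return {displayName: [reasons]} for apps that deserve a manual review."""
    scopes_by_client, tenant_wide = {}, set()
    for g in grants:
        scopes_by_client.setdefault(g["clientId"], set()).update(g["scope"].split())
        if g["consentType"] == "AllPrincipals":  # consent granted for every user
            tenant_wide.add(g["clientId"])
    findings = {}
    for sp in service_principals:
        reasons = []
        risky = sorted(scopes_by_client.get(sp["id"], set()) & HIGH_RISK_SCOPES)
        if risky:
            reasons.append("high-impact scopes: " + ", ".join(risky))
        if sp["id"] in tenant_wide:
            reasons.append("tenant-wide consent")
        if not (sp.get("verifiedPublisher") or {}).get("verifiedPublisherId"):
            reasons.append("publisher not verified")
        last = sp.get("lastSignIn")  # assumed field, joined in from sign-in logs
        if last is None or now - datetime.fromisoformat(last) > STALE_AFTER:
            reasons.append("no sign-in within 90 days")
        if reasons:
            findings[sp["displayName"]] = reasons
    return findings

# Constructed sample data (not real tenant output).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_SPS = [
    {"id": "sp-1", "displayName": "Contoso Expenses",
     "verifiedPublisher": {"verifiedPublisherId": "constructed-1"},
     "lastSignIn": "2024-05-28T09:00:00+00:00"},
    {"id": "sp-2", "displayName": "Free PDF Converter",
     "verifiedPublisher": {"verifiedPublisherId": None},
     "lastSignIn": "2024-05-30T14:00:00+00:00"},
    {"id": "sp-3", "displayName": "Legacy Timesheet",
     "verifiedPublisher": {"verifiedPublisherId": "constructed-3"},
     "lastSignIn": "2023-11-02T00:00:00+00:00"},
]
SAMPLE_GRANTS = [
    {"clientId": "sp-1", "consentType": "Principal", "scope": "openid User.Read"},
    {"clientId": "sp-2", "consentType": "AllPrincipals", "scope": "Mail.Read offline_access User.Read"},
    {"clientId": "sp-3", "consentType": "Principal", "scope": "User.Read"},
]
if __name__ == "__main__":
    for app, reasons in review_apps(SAMPLE_SPS, SAMPLE_GRANTS, NOW).items():
        print(app, "->", "; ".join(reasons))
```

The output is a review queue, not a verdict: each flagged app still needs a person to confirm whether the authorization should be removed.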
Applications that are registered or authorized in Azure AD can be used to provide single sign-on to both SaaS cloud applications and internally managed applications. Depending on your organization...