Share via

Suggestions for Naming Convention in App Registrations (External Entra ID)

Jinki Lee 85 Reputation points
2025-04-17T20:50:12.9266667+00:00

app-registration

Hi everyone, curious to know how other Entra ID Admins have named their "App Registrations" and if they have some sort of naming convention they found useful which they could share or suggest?

I was thinking something along the lines of:

Example Format:

<organization/team> - <workload, application, or project> - <app scope> - <environment> - <instance>

Examples:

contoso-abc-user_read-prod-01

contoso-abc-user_read_all-prod-01

contoso-xyz-user_read_write-prod-01

contoso-abc-directory_read_write_all-qa-02

P.S. I am not referring to the Azure Resource Naming Convention :)

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
0 comments

Answer accepted by question author

  1. Marcin Policht 89,820 Reputation points MVP Volunteer Moderator
    2025-04-17T21:37:38.2966667+00:00

    That's a great question and one that a lot of Entra ID admins grapple with, especially as the number of app registrations grows and the importance of lifecycle management, auditing, and automation increases.

    Your proposed format is actually quite clean and aligns with the approach I've been using. I also tend to use the following naming elements for app registrations:

    Element Description Example
    org or team Your organization or the owning team contoso, hr, it, billing
    app name / workload The actual purpose, system, or integration name crm, timesheet, invoicing
    scope/type What the app does or what API access it needs user_read, directory_rw, graph_client
    env Environment indicator dev, qa, prod, uat
    instance (optional) For multiple copies or versions 01, 02, int, alt

    You might consider the following format (just a slight refinement comparing with the one you originally suggested):

    <org/team>-<workload/app>-<access_scope>-<environment>[-<instance>]

    Examples:

    • contoso-crm-user_read-prod
    • contoso-hr-graph_rw-qa-02
    • finance-tax-reporting-client_creds-dev
    • salesforce-api-access-token-exchange-prod
    • intune-device-mgmt-graph_rw-prod-01

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    Was this answer helpful?

    2 people found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.