What are Microsoft Entra recommendations?
Keeping track of all the settings and resources in your tenant can be overwhelming. The Microsoft Entra recommendations feature helps monitor the status of your tenant so you don't have to. The Microsoft Entra recommendations feature helps ensure your tenant is in a secure and healthy state while also helping you maximize the value of the features available in Microsoft Entra ID.
The Microsoft Entra recommendations feature provides you with personalized insights with actionable guidance to:
- Help you identify opportunities to implement best practices for Microsoft Entra ID-related features.
- Improve the state of your Microsoft Entra tenant.
- Optimize the configurations for your scenarios.
This article gives you an overview of how you can use Microsoft Entra recommendations. As an administrator, you should review your tenant's Microsoft Entra recommendations, and their associated resources periodically.
What it is
The Microsoft Entra recommendations feature is the Microsoft Entra specific implementation of Azure Advisor, which is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. Azure Advisor analyzes your resource configuration and usage data to recommend solutions that can help you improve the cost effectiveness, performance, reliability, and security of your Azure resources.
Microsoft Entra recommendations use similar data to support you with the roll-out and management of Microsoft's best practices for Microsoft Entra tenants to keep your tenant in a secure and healthy state. The Microsoft Entra recommendations feature provides a holistic view into your tenant's security, health, and usage.
How it works
On a daily basis, Microsoft Entra ID analyzes the configuration of your tenant. During this analysis, Microsoft Entra ID compares the data of a recommendation with the actual configuration of your tenant. If a recommendation is flagged as applicable to your tenant, the recommendation appears in the Recommendations section of the Identity Overview area. The recommendations are listed in order of priority so you can quickly determine where to focus first.
Each recommendation contains a description, a summary of the value of addressing the recommendation, and a step-by-step action plan. If applicable, impacted resources associated with the recommendation are listed, so you can resolve each affected area. If a recommendation doesn't have any associated resources, the impacted resource type is Tenant level, so your step-by-step action plan impacts the entire tenant and not just a specific resource.
Recommendation availability and license requirements
The recommendations listed in the following table are currently available in public preview or general availability. The license requirements for recommendations in public preview are subject to change. The table provides the impacted resources and links to available documentation.
| Recommendation | Impacted resources | Required license | Availability |
|---|---|---|---|
| Convert per-user MFA to Conditional Access MFA | Users | All licenses | Generally available |
| Migrate applications from AD FS to Microsoft Entra ID | Applications | All licenses | Generally available |
| Migrate from ADAL to MSAL | Applications | All licenses | Generally available |
| Migrate to Microsoft Authenticator | Users | All licenses | Preview |
| Minimize MFA prompts from known devices | Users | All licenses | Generally available |
| Remove unused applications | Applications | Microsoft Entra Workload ID Premium | Preview |
| Remove unused credentials from applications | Applications | Microsoft Entra Workload ID Premium | Preview |
| Renew expiring application credentials | Applications | Microsoft Entra Workload ID Premium | Preview |
| Renew expiring service principal credentials | Applications | Microsoft Entra Workload ID Premium | Preview |
Microsoft Entra-only displays the recommendations that apply to your tenant, so you may not see all supported recommendations listed.
Next steps
Feedback
Submit and view feedback for