What are Microsoft Entra recommendations?

Keeping track of all the settings and resources in your tenant can be overwhelming. The Microsoft Entra recommendations feature helps monitor the status of your tenant so you don't have to. The Microsoft Entra recommendations feature helps ensure your tenant is in a secure and healthy state while also helping you maximize the value of the features available in Microsoft Entra ID.

The Microsoft Entra recommendations feature provides you with personalized insights with actionable guidance to:

  • Help you identify opportunities to implement best practices for Microsoft Entra ID-related features.
  • Improve the state of your Microsoft Entra tenant.
  • Optimize the configurations for your scenarios.

This article gives you an overview of how you can use Microsoft Entra recommendations. As an administrator, you should review your tenant's Microsoft Entra recommendations, and their associated resources periodically.

What it is

The Microsoft Entra recommendations feature is the Microsoft Entra specific implementation of Azure Advisor, which is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. Azure Advisor analyzes your resource configuration and usage data to recommend solutions that can help you improve the cost effectiveness, performance, reliability, and security of your Azure resources.

Microsoft Entra recommendations use similar data to support you with the roll-out and management of Microsoft's best practices for Microsoft Entra tenants to keep your tenant in a secure and healthy state. The Microsoft Entra recommendations feature provides a holistic view into your tenant's security, health, and usage.

How it works

On a daily basis, Microsoft Entra ID analyzes the configuration of your tenant. During this analysis, Microsoft Entra ID compares the data of a recommendation with the actual configuration of your tenant. If a recommendation is flagged as applicable to your tenant, the recommendation appears in the Recommendations section of the Identity Overview area. The recommendations are listed in order of priority so you can quickly determine where to focus first.

Screenshot of the Overview page of the tenant with the Recommendations option highlighted.

Each recommendation contains a description, a summary of the value of addressing the recommendation, and a step-by-step action plan. If applicable, impacted resources associated with the recommendation are listed, so you can resolve each affected area. If a recommendation doesn't have any associated resources, the impacted resource type is Tenant level, so your step-by-step action plan impacts the entire tenant and not just a specific resource.

Recommendation availability and license requirements

The recommendations listed in the following table are currently available in public preview or general availability. The license requirements for recommendations in public preview are subject to change. The table provides the impacted resources and links to available documentation.

Recommendation Impacted resources Required license Availability
Convert per-user MFA to Conditional Access MFA Users All licenses Generally available
Migrate applications from AD FS to Microsoft Entra ID Applications All licenses Generally available
Migrate from ADAL to MSAL Applications All licenses Generally available
Migrate to Microsoft Authenticator Users All licenses Preview
Minimize MFA prompts from known devices Users All licenses Generally available
Remove unused applications Applications Microsoft Entra Workload ID Premium Preview
Remove unused credentials from applications Applications Microsoft Entra Workload ID Premium Preview
Renew expiring application credentials Applications Microsoft Entra Workload ID Premium Preview
Renew expiring service principal credentials Applications Microsoft Entra Workload ID Premium Preview

Microsoft Entra-only displays the recommendations that apply to your tenant, so you may not see all supported recommendations listed.

Next steps