Phase 4: Plan management and insights

Once apps are migrated, you must ensure that:

  • Users can securely access and manage
  • You can gain the appropriate insights into usage and app health

We recommend taking the following actions as appropriate to your organization.

Manage your users’ app access

Once you've migrated the apps, consider applying the following suggestions to enrich your user’s experience:

  • Make apps discoverable by publishing them to the Microsoft MyApplications portal.

  • Add app collections so users can locate application based on business function.

  • Add their own application bookmarks to the MyApplications portal.

  • Enable self-service application access to an app and let users add apps that you curate.

  • Optionally hide applications from end-users.

  • Users can go to to search for their apps and have their most-recently-used apps appear for them right from where they do work.

  • Users can download the MyApps secure sign-in extension in Chrome, or Microsoft Edge so they can launch applications directly from their browser without having to first navigate to MyApplications.

  • Users can access the MyApps portal with Intune-managed browser on their iOS 7.0 or later or Android devices.

Secure app access

Microsoft Entra ID provides a centralized access location to manage your migrated apps. Sign in to the Microsoft Entra admin center and enable the following capabilities:

  • Secure user access to apps. Enable Conditional Access policiesor Identity Protectionto secure user access to applications based on device state, location, and more.
  • Automatic provisioning. Set up automatic provisioning of users with various third-party SaaS apps that users need to access. In addition to creating user identities, it includes the maintenance and removal of user identities as status or roles change.
  • Delegate user access management. As appropriate, enable self-service application access to your apps and assign a business approver to approve access to those apps. Use Self-Service Group Managementfor groups assigned to collections of apps.
  • Delegate admin access using Directory Role to assign an admin role (such as Application administrator, Cloud Application administrator, or Application developer) to your user.
  • Add applications to Access Packages to provide governance and attestation.

Audit and gain insights of your apps

You can also use the Microsoft Entra admin center to audit all your apps from a centralized location,

Exit criteria

You're successful in this phase when you:

  • Provide secure app access to your users
  • Manage to audit and gain insights of the migrated apps

Do even more with deployment plans

Deployment plans walk you through the business value, planning, implementation steps, and management of Microsoft Entra solutions, including app migration scenarios. They bring together everything that you need to start deploying and getting value out of Microsoft Entra capabilities. The deployment guides include content such as Microsoft recommended best practices, end-user communications, planning guides, implementation steps, test cases, and more.

Many deployment plans are available for your use, and we’re always making more!

Contact support

Visit the following support links to create or track support ticket and monitor health.

  • Azure Support: You can call Microsoft Support and open a ticket for any Azure Identity deployment issue depending on your Enterprise Agreement with Microsoft.
  • FastTrack: If you've purchased Enterprise Mobility and Security (EMS) or Microsoft Entra ID P1 or P2 licenses, you're eligible to receive deployment assistance from the FastTrack program.
  • Engage the Product Engineering team: If you're working on a major customer deployment with millions of users, you're entitled to support from the Microsoft account team or your Cloud Solutions Architect. Based on the project’s deployment complexity, you can work directly with the Azure Identity Product Engineering team.

Next steps