Join on us on a journey into a wilderness of over 3000 Entra ID Enterprise Applications, where users could consent to almost anything, and usually did. Learn how we built an application governance framework with executive sponsorship, tools and processes for taming this wilderness and turning it into the promised land of improved security, reduced workload for the Global Admins and faster reaction times to requests. This will cover building an application governance charter, customizing and use App Risk Scores to evaluate apps and their consent requests, triaging your existing apps to eliminate the Unholy trio: The unused, The overly permissioned and the Risk unevaluated. Using Custom Security Attributes to apply Conditional Access Policies using sweeping categories. Of course, we will cover the difference between application and delegated permissions along with the difference between consenting for a user and for a tenant.