Microsoft Entra ID includes an application gallery containing thousands of pre-integrated SaaS applications. In most environments, many commonly used business apps are already available in this gallery. Using a gallery app is usually the fastest and safest way to integrate an external SaaS application because Microsoft provides a tested integration template, and you typically avoid common configuration mistakes.
Once a gallery application is added to your Microsoft Entra tenant, Microsoft Entra creates an enterprise application object in your directory. From there, you can manage the organization-specific settings for that app, including:
Application properties that control whether users can sign in and whether the app appears in user portals.
User access configuration, such as assignments.
SSO configuration, so users can authenticate using Microsoft Entra credentials.
This unit focuses specifically on configuring application properties, including visibility, access behavior, branding, and notes.
Configure application properties
Application properties control how an app behaves from a user’s perspective and how access is enforced at the tenant level. These settings are not just cosmetic. They influence whether users can see the app, whether unassigned users can access it, and whether assigned users can actually sign in.
In the Microsoft Entra admin center, open the Identity menu.
Select Enterprise applications.
Find and select the application you want to configure.
In the Manage section, select Properties to open the Properties pane for editing.
At this stage, it is important to understand that the fields you see depend on how the app is integrated with Microsoft Entra.
Apps integrated with SAML-based SSO typically include SAML-specific fields such as a User access URL. Apps integrated with OIDC-based SSO typically do not include that SAML-specific field.
Apps added through Microsoft Entra ID – App registrations are, by default, OIDC-based apps.
Apps added through Microsoft Entra ID – Enterprise applications may use any SSO standard, including SAML, OIDC, or others depending on the gallery integration.
Even though SSO fields differ by protocol, all enterprise applications share core properties that control sign-in and visibility. The key properties highlighted in this unit are:
Enabled for users to sign in? determines whether users assigned to the application can sign in.
User assignment required? determines whether users who are not assigned to the application can sign in.
Visible to users? determines whether users assigned to the app can see it in My Apps and the Microsoft 365 app launcher, such as the waffle menu in the upper-left corner of Microsoft 365 pages.
Select Save.
Exam-critical behaviors and common confusion
Enabled for users to sign in? is often misunderstood. If this is disabled, then even correctly assigned users may be blocked from signing in, which can look like “SSO is broken” but is actually an app property issue.
User assignment required? is a common control for limiting access. If it is set to require assignment, then access is restricted to users and groups explicitly assigned. If it is not required, you may be relying on other controls, and users could be able to sign in even without assignment, depending on the app and configuration.
Visible to users? affects discoverability, not necessarily access. An app can be hidden from My Apps while still being accessible if a user goes directly to the sign-in URL and is allowed. This difference is frequently tested because it relates to security expectations versus user experience.
Use a custom logo
Branding matters because users often interact with applications through My Apps or the Microsoft 365 launcher. A clear icon reduces confusion and lowers the chance that users select the wrong application, especially when multiple apps have similar names.
Create a logo that is 215 by 215 pixels.
Save the logo in .png format.
In the Microsoft Entra admin center, select Enterprise applications.
Find and select the application you want to configure.
In the Manage section, select Properties to open the Properties pane for editing.
Select the icon and upload the logo.
Select Save.
The image size requirement is important. If the image is the wrong size or format, the upload may fail or display poorly, which creates a poor user experience.
Add notes
The Notes field is a practical governance tool. It provides documentation directly on the enterprise application object, helping administrators understand ownership, purpose, support contacts, onboarding instructions, and usage expectations.
Multiple administrators manage apps over time.
Ownership changes due to staffing or vendor changes.
Users need guidance on when and how to use an app.
In the Microsoft Entra admin center, select Enterprise applications.
Find and select the application you want to configure.
In the Manage section, select Properties to open the Properties pane for editing.
Update the Notes field with relevant information.
Select Save.
Notes can improve both admin operations and user clarity. In practice, they reduce support tickets because users have context for what the app is and when to use it.