What is the recommended solution to verify whether developers still require permissions to an application in Azure?

The recommended solution for verifying whether developers still require permissions to an application in Azure is to create an access review of the application in Azure Active Directory.

An access review provides a structured process to evaluate the access permissions of users periodically. This process allows administrators to gather feedback directly from users about their necessity to retain access to specific applications or resources. By involving users in the review process, organizations can ensure that permissions are granted according to actual needs, thereby helping maintain a principle of least privilege and reducing security risks.

Conducting regular access reviews not only helps in identifying unnecessary permissions but also encourages security best practices by prompting users to reflect on their access needs. This approach leads to improved governance of Azure Active Directory resources.

Using an Azure Automation runbook or the Get-AzRoleAssignment cmdlet can provide insights into role assignments but lacks the interactive review process that engages users in confirming the need for their access. Assigning individual permissions based on usage may lead to a complex permission management scenario that could become cumbersome. Re-coding the application to include permission checks can enhance security but doesn't address the existing permission review process and may be resource-intensive without providing the immediate verification that's needed.