Summary
To transition ADFS application to Entra ID you are creating the Enterprise application. You will notice two flags, “Assignment required?” and “Visible to users?”.
If you hover over the text it clearly states that if this flag is set to no means everyone will be able to see the app in the myapps.microsoft.com portal. This can be more educated to the customer to not to set as No because now the app is presence is available to everyone in the tenant.
The next flag is “Visible to users?”
This flag is important flag for the application modernization. I recommend to set to Yes, this will help end users to find the apps from myapps.microsoft.com flag. However, doing that you want to educate the customer not to set the previous flag “Assignment required?” to us, unless customer wants the app to be seen by everyone in the tenant.
What should you guide to the customer?
I recommend tell them the Entra ID application is like a fence now for their house (in this case application). The fence now can be controlled by them.
To control this application the customer can now add “User and groups”. Only those users or member of groups will be able to see the apps in myapps.microsoft.com portal.
What are the advantages?
Well, clearly you can educate customer that give visibility to those users you know they should see and access the apps. If they provide access to entire tenant that will make the apps visible to everyone in the tenant and most of time the end users will click to access the app. They most likely will fail or success to get in to the app but by doing the above simple step those issues can be addressed.
Conclusion
These flags are sometimes missed and I want to share for your awareness and reference.
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/access-panel-collections