diff --git a/rules/rules-overridden-azure/technology-usage/security.windup.xml b/rules/rules-overridden-azure/technology-usage/security.windup.xml
index 7ba35ec9..64f54608 100644
--- a/rules/rules-overridden-azure/technology-usage/security.windup.xml
+++ b/rules/rules-overridden-azure/technology-usage/security.windup.xml
@@ -57,5 +57,83 @@
                 <technology-tag level="INFORMATIONAL">OpenSAML</technology-tag>
             </perform>
         </rule>
+        <rule id="security-03600">
+            <when>
+                <or>
+                    <!-- Spring component declared in source code condition -->
+                    <project>
+                        <artifact groupId="org.springframework.security" artifactId="spring-security-core"/>
+                    </project>
+                    <!-- Spring Boot component declared in source code condition -->
+                    <project>
+                        <artifact groupId="org.springframework.boot" artifactId="spring-boot-starter-security"/>
+                    </project>
+                    <!-- Spring component in compiled application condition -->
+                    <dependency groupId="org.springframework.security" artifactId="spring-security-core"/>
+                </or>
+            </when>
+            <perform>
+                <hint title="Embedded framework - Spring Security" category-id="information" effort="0">
+                    <message>
+                        The application embeds a Spring Security library. Ensure that the application is configured to access the identity provider.
+
+                        Consider using Azure Active Directory as an identity provider.
+                    </message>
+                </hint>
+                <link title="Spring Security-related dependencies found in the project" href="https://learn.microsoft.com/azure/developer/java/migration/migrate-spring-boot-to-app-service#identity-providers"/>
+                <link title="Azure Active Directory (Azure AD) identity provider for External Identities" href="https://docs.microsoft.com/azure/active-directory/external-identities/azure-ad-account"/>
+                <link title="Spring Security" href="https://docs.spring.io/spring-security/reference/index.html"/>
+                <link title="Spring Boot API: Authorization" href="https://auth0.com/docs/quickstart/backend/java-spring-security5/01-authorization"/>
+                <technology-tag level="INFORMATIONAL">Spring Security</technology-tag>
+            </perform>
+        </rule>
+        <rule id="security-03700">
+            <when>
+                <file filename="{*}oauth2{*}.jar"/>
+            </when>
+            <perform>
+                <hint title="Embedded library - OAuth 2.0" category-id="information" effort="0">
+                    <message>
+                        The application embeds an OAuth 2.0 library. For Spring Boot applications, please ensure that the application is configured to use Spring Security OAuth2.
+                        
+                        The Microsoft identity platform uses OAuth 2.0 and other protocols to enable applications to provide a Single Sign-On experience.
+
+                        By migrating your SSO implementation to Azure AD with OAuth 2.0, you leverage the capabilities of Azure AD for managing identities and enabling secure SSO across your applications.
+                        Azure AD offers features like multi-factor authentication, conditional access policies, and seamless integration with various SaaS applications, providing a robust and scalable solution for identity and access management in the cloud.
+                    </message>
+                    <link title="OAuth 2.0 authentication with Azure Active Directory" href="https://learn.microsoft.com/azure/active-directory/architecture/auth-oauth2"/>
+                    <link title="OAuth 2.0 and OpenID Connect protocols on the Microsoft Identity Platform" href="https://learn.microsoft.com/azure/active-directory/develop/v2-protocols"/>
+                    <link title="Application types and OAuth2" href="https://learn.microsoft.com/azure/active-directory/develop/v2-app-types"/>
+                    <link title="Spring Cloud Security quickstart" href="https://spring.io/projects/spring-cloud-security"/>
+                    <link title="Microsoft identity platform documentation" href="https://learn.microsoft.com/azure/active-directory/develop"/>
+                    <link title="Azure Active Directory documentation" href="https://learn.microsoft.com/en-us/azure/active-directory"/>
+                </hint>
+                <technology-tag level="INFORMATIONAL">OAuth 2.0</technology-tag>
+            </perform>
+        </rule>
+        <rule id="security-03800">
+            <when>
+                <or>
+                    <file filename="{*}openid4java{*}.jar"/>
+                    <file filename="{*}pac4j-oidc{*}.jar"/>
+                </or>
+            </when>
+            <perform>
+                <hint title="Embedded library - OpenID" category-id="information" effort="0">
+                    <message>
+                        The application embeds an OpenID library. The Microsoft identity platform uses OpenID and other protocols to enable applications to provide a Single Sign-On experience.
+
+                        By migrating your SSO implementation to Azure AD with OpenID, you leverage the capabilities of Azure AD for managing identities and enabling secure SSO across your applications.
+                        Azure AD offers features like multi-factor authentication, conditional access policies, and seamless integration with various SaaS applications, providing a robust and scalable solution for identity and access management in the cloud.
+                    </message>
+                    <link title="OpenID Connect authentication with Azure Active Directory" href="https://learn.microsoft.com/azure/active-directory/architecture/auth-oidc"/>
+                    <link title="OAuth 2.0 and OpenID Connect protocols on the Microsoft Identity Platform" href="https://learn.microsoft.com/azure/active-directory/develop/v2-protocols"/>
+                    <link title="OpenID Connect on the Microsoft identity platform" href="https://learn.microsoft.com/azure/active-directory/develop/v2-protocols-oidc"/>
+                    <link title="Microsoft identity platform documentation" href="https://learn.microsoft.com/azure/active-directory/develop"/>
+                    <link title="Azure Active Directory documentation" href="https://learn.microsoft.com/en-us/azure/active-directory"/>
+                </hint>
+                <technology-tag level="INFORMATIONAL">OpenID</technology-tag>
+            </perform>
+        </rule>
     </rules>
 </ruleset>
diff --git a/rules/rules-overridden-azure/technology-usage/tests/security-target-azure-appservice.windup.test.xml b/rules/rules-overridden-azure/technology-usage/tests/security-target-azure-appservice.windup.test.xml
index d9f27e48..a6f62ae5 100644
--- a/rules/rules-overridden-azure/technology-usage/tests/security-target-azure-appservice.windup.test.xml
+++ b/rules/rules-overridden-azure/technology-usage/tests/security-target-azure-appservice.windup.test.xml
@@ -34,6 +34,36 @@
                     <fail message="OpenSAML hint for Azure was not found!"/>
                 </perform>
             </rule>
+            <rule id="security-azure-appservice-03600-test">
+                <when>
+                    <not>
+                        <hint-exists message="The application embeds a Spring Security library. Ensure that the application is configured to access the identity provider"/>
+                    </not>
+                </when>
+                <perform>
+                    <fail message="Spring Security hint for Azure was not found!"/>
+                </perform>
+            </rule>
+            <rule id="security-azure-appservice-03700-test">
+                <when>
+                    <not>
+                        <hint-exists message="The application embeds an OAuth 2.0 library. For Spring Boot applications, please ensure that the application is configured to use Spring Security OAuth2"/>
+                    </not>
+                </when>
+                <perform>
+                    <fail message="OAuth 2.0 hint for Azure was not found!"/>
+                </perform>
+            </rule>
+            <rule id="security-azure-appservice-03800-test">
+                <when>
+                    <not>
+                        <hint-exists message="The application embeds an OpenID library. The Microsoft identity platform uses OpenID and other protocols to enable applications"/>
+                    </not>
+                </when>
+                <perform>
+                    <fail message="OpenID hint for Azure was not found!"/>
+                </perform>
+            </rule>
         </rules>
     </ruleset>
 </ruletest>
diff --git a/rules/rules-overridden-azure/technology-usage/tests/security-target-discovery.windup.test.xml b/rules/rules-overridden-azure/technology-usage/tests/security-target-discovery.windup.test.xml
index 8f828cbf..46746e6c 100644
--- a/rules/rules-overridden-azure/technology-usage/tests/security-target-discovery.windup.test.xml
+++ b/rules/rules-overridden-azure/technology-usage/tests/security-target-discovery.windup.test.xml
@@ -32,6 +32,17 @@
                     <fail message="Expected data not found for rule security-02800"/>
                 </perform>
             </rule>
+            <rule id="security-discovery-03600-test">
+                <when>
+                    <not>
+                        <classification-exists classification="Embedded library - Spring Security"/>
+                        <technology-tag-exists technology-tag="Spring Security"/>
+                    </not>
+                </when>
+                <perform>
+                    <fail message="Expected data not found for rule security-03600"/>
+                </perform>
+            </rule>
         </rules>
     </ruleset>
 </ruletest>
diff --git a/rules/rules-reviewed/azure/springboot/spring-boot-to-azure-identity-provider.windup.xml b/rules/rules-reviewed/azure/springboot/spring-boot-to-azure-identity-provider.windup.xml
deleted file mode 100644
index a25da902..00000000
--- a/rules/rules-reviewed/azure/springboot/spring-boot-to-azure-identity-provider.windup.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<ruleset id="spring-boot-to-azure-identity-provider"
-         xmlns="http://windup.jboss.org/schema/jboss-ruleset"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://windup.jboss.org/schema/jboss-ruleset http://windup.jboss.org/schema/jboss-ruleset/windup-jboss-ruleset.xsd">
-    <metadata>
-        <description>
-            Identify any identity provider(s) used by the application.
-        </description>
-        <dependencies>
-            <addon id="org.jboss.windup.rules,windup-rules-xml,3.0.0.Final"/>
-        </dependencies>
-        <sourceTechnology id="springboot"/>
-        <targetTechnology id="azure-spring-apps"/>
-        <targetTechnology id="azure-appservice"/>
-        <targetTechnology id="azure-aks"/>
-        <targetTechnology id="azure-container-apps"/>
-        <tag>security</tag>
-    </metadata>
-    <rules>
-        <rule id="spring-boot-to-azure-identity-provider-01000">
-            <when>
-                <or>
-                    <project>
-                        <artifact groupId="org.springframework.boot" artifactId="spring-boot-starter-security"/>
-                    </project>
-                    <project>
-                        <artifact groupId="org.springframework.security" artifactId="{*}"/>
-                    </project>
-                </or>
-            </when>
-            <perform>
-                <hint title="Spring Security-related dependencies" category-id="information" effort="5">
-                    <message>
-                        The application uses Spring security.
-
-                        Checkout Azure Active Directory as an identity provider.
-                    </message>
-                    <link title="Spring Security-related dependencies found in the project" href="https://learn.microsoft.com/azure/developer/java/migration/migrate-spring-boot-to-app-service#identity-providers"/>
-                    <link title="Azure Active Directory (Azure AD) identity provider for External Identities" href="https://docs.microsoft.com/azure/active-directory/external-identities/azure-ad-account"/>
-                    <link title="Spring Security" href="https://docs.spring.io/spring-security/reference/index.html"/>
-                    <link title="Spring Boot API: Authorization" href="https://auth0.com/docs/quickstart/backend/java-spring-security5/01-authorization"/>
-                </hint>
-            </perform>
-        </rule>
-    </rules>
-</ruleset>
diff --git a/rules/rules-reviewed/azure/springboot/tests/data/spring-boot-to-azure-identity-provider/pom.xml b/rules/rules-reviewed/azure/springboot/tests/data/spring-boot-to-azure-identity-provider/pom.xml
deleted file mode 100644
index 4fd516f2..00000000
--- a/rules/rules-reviewed/azure/springboot/tests/data/spring-boot-to-azure-identity-provider/pom.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <modelVersion>4.0.0</modelVersion>
-
-  <groupId>org.jboss.windup.rules.test</groupId>
-  <artifactId>spring-boot-to-azure-identity-provider</artifactId>
-  <version>4.2.1_SNAPSHOT</version>
-  <name>Determine whether application relies on an identity provider(s).</name>
-
-  <dependencies>
-    <dependency>
-      <groupId>org.springframework.boot</groupId>
-      <artifactId>spring-boot-starter-security</artifactId>
-      <version>5.0.10.Final</version>
-    </dependency>
-    <dependency>
-      <groupId>not-tested</groupId>
-      <artifactId>spring-boot-starter-security</artifactId>
-      <version>5.0.10.Final</version>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>tested</artifactId>
-      <version>5.0.10.Final</version>
-    </dependency>
-  </dependencies>
-</project>
diff --git a/rules/rules-reviewed/azure/springboot/tests/spring-boot-to-azure-identity-provider.windup.test.xml b/rules/rules-reviewed/azure/springboot/tests/spring-boot-to-azure-identity-provider.windup.test.xml
deleted file mode 100644
index 9bbe68d8..00000000
--- a/rules/rules-reviewed/azure/springboot/tests/spring-boot-to-azure-identity-provider.windup.test.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<ruletest id="spring-boot-to-azure-identity-provider-test"
-          xmlns="http://windup.jboss.org/schema/jboss-ruleset"
-          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-          xsi:schemaLocation="http://windup.jboss.org/schema/jboss-ruleset http://windup.jboss.org/schema/jboss-ruleset/windup-jboss-ruleset.xsd">
-    <testDataPath>data/spring-boot-to-azure-identity-provider</testDataPath>
-    <rulePath>../spring-boot-to-azure-identity-provider.windup.xml</rulePath>
-    <ruleset>
-        <rules>
-            <rule id="spring-boot-to-azure-identity-provider-test-01000">
-                <when>
-                    <not>
-                        <iterable-filter size="2">
-                            <hint-exists message="The application uses Spring security."/>
-                        </iterable-filter>
-                    </not>
-                </when>
-                <perform>
-                    <fail message="Spring security hint was not found!"/>
-                </perform>
-            </rule>
-        </rules>
-    </ruleset>
-</ruletest>
diff --git a/rules/rules-reviewed/technology-usage/tests/data/security/openid4java.jar b/rules/rules-reviewed/technology-usage/tests/data/security/openid4java.jar
new file mode 100644
index 00000000..e2e493d3
Binary files /dev/null and b/rules/rules-reviewed/technology-usage/tests/data/security/openid4java.jar differ
diff --git a/rules/rules-reviewed/technology-usage/tests/data/security/spring-security-oauth2-2.4.2.RELEASE.jar b/rules/rules-reviewed/technology-usage/tests/data/security/spring-security-oauth2-2.4.2.RELEASE.jar
new file mode 100644
index 00000000..e2e493d3
Binary files /dev/null and b/rules/rules-reviewed/technology-usage/tests/data/security/spring-security-oauth2-2.4.2.RELEASE.jar differ