Privileged API permissions on service principals should not remain unused

Why This Matters

Unused privileged API permissions on service principals create unnecessary security risk. If a service principal retains high-impact permissions it never uses, an attacker who compromises that principal inherits those permissions and with them access to sensitive control plane operations. Removing unused permissions reduces your attack surface and follows the principle of least privilege.

What Aether365 Checks

This check identifies service principals with unused API permissions that Microsoft Defender for Cloud Apps (MDA) App Governance has classified as control or management plane permissions, or as highly critical API permissions. The result appears in your Aether365 dashboard under the entra-id category.
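As an added illustration of the logic behind such a check (this is example code, not Aether365's or MDA App Governance's implementation), the Python below resolves Graph-style appRoleAssignment records to permission names and reports privileged permissions a service principal has not exercised within an idle window. The privileged-permission list, the role ids, the principal names and the usage dates are all constructed placeholders; MDA's real classification and your tenant's activity data would replace them.

```python
"""Flag privileged application permissions on service principals that show
no recent use. Illustrative example only; not Aether365 or MDA code."""
from datetime import date

# Constructed stand-in for MDA App Governance's control/management-plane
# classification. Placeholder names, not MDA's actual list.
PRIVILEGED = {"Directory.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
              "Application.ReadWrite.All"}

# Constructed sample in the shape of Graph objects: a resource service
# principal's appRoles, and appRoleAssignments that reference them by id.
RESOURCE_SP = {"id": "res-0001", "appRoles": [
    {"id": "role-dir-rw", "value": "Directory.ReadWrite.All"},
    {"id": "role-role-rw", "value": "RoleManagement.ReadWrite.Directory"},
    {"id": "role-user-r", "value": "User.Read.All"}]}
ASSIGNMENTS = [
    {"principalId": "sp-backup", "resourceId": "res-0001", "appRoleId": "role-dir-rw"},
    {"principalId": "sp-backup", "resourceId": "res-0001", "appRoleId": "role-user-r"},
    {"principalId": "sp-hr-sync", "resourceId": "res-0001", "appRoleId": "role-role-rw"}]
# Constructed usage records: last date each principal exercised each permission.
LAST_USED = {("sp-backup", "User.Read.All"): date(2024, 5, 1),
             ("sp-hr-sync", "RoleManagement.ReadWrite.Directory"): date(2024, 5, 3)}


def resolve_permissions(assignments, resource_sps):
    """Map each assignment's (resourceId, appRoleId) pair to a permission name."""
    roles = {(sp["id"], r["id"]): r["value"] for sp in resource_sps for r in sp["appRoles"]}
    granted = {}
    for a in assignments:
        name = roles.get((a["resourceId"], a["appRoleId"]))
        if name is None:  # an id the resource does not publish is a data error, not "unused"
            raise KeyError(f"unknown appRoleId {a['appRoleId']} on {a['resourceId']}")
        granted.setdefault(a["principalId"], set()).add(name)
    return granted


def unused_privileged(assignments, resource_sps, last_used, today, max_idle_days=90):
    """Return {principalId: [privileged permissions never used or idle > max_idle_days]}."""
    findings = {}
    for sp, perms in resolve_permissions(assignments, resource_sps).items():
        stale = [p for p in sorted(perms & PRIVILEGED)
                 if (sp, p) not in last_used or (today - last_used[(sp, p)]).days > max_idle_days]
        if stale:
            findings[sp] = stale
    return findings


if __name__ == "__main__":
    for sp, perms in unused_privileged(ASSIGNMENTS, [RESOURCE_SP], LAST_USED, date(2024, 6, 1)).items():
        print(f"{sp}: remove unused privileged permissions {perms}")
```

Non-privileged permissions such as User.Read.All are ignored even when idle, so the report stays focused on the grants this check is about.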

Microsoft references
