Catalog resources must have valid roles (no stale / removed app roles or SPNs)
Why This Matters
Stale app roles, deleted service principals, and invalid SharePoint sites in catalog resources can create security gaps that allow unauthorized access or result in failed access package assignments. When these resources reference objects that no longer exist or have been modified, governance workflows break down and may leave orphaned entitlements across your Azure environment. Proactively cleaning up these misconfigurations ensures your Entra ID governance structure remains secure, functional, and compliant with internal policies.
What Aether365 Checks
This security check verifies that all catalog resources in Entra ID Governance reference valid service principals, active app roles, and accessible SharePoint sites. It appears in the Aether365 dashboard under the entra-id checks section and flags any resource with stale or invalid references.
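The cross-reference this check describes, sketched as an added example (not Aether365's code): each catalog resource is resolved against a directory snapshot, and anything that no longer resolves is reported. The data is constructed, the field names are assumed to mirror Microsoft Graph's `accessPackageResource` and `servicePrincipal` objects, and treating the all-zero role ID as default access is likewise an assumption.

```python
# Constructed sample data. Field names are assumed to mirror Microsoft Graph's
# accessPackageResource and servicePrincipal objects; the IDs are placeholders.
DEFAULT_ROLE = "00000000-0000-0000-0000-000000000000"  # assumed: default access role

SERVICE_PRINCIPALS = {  # directory snapshot, keyed by service principal object ID
    "sp-hr": {"appRoles": [{"id": "role-reader", "isEnabled": True},
                           {"id": "role-admin", "isEnabled": False}]},
    "sp-wiki": {"appRoles": []},
}
REACHABLE_SITES = {"https://contoso.sharepoint.com/sites/finance"}

CATALOG_RESOURCES = [
    {"displayName": "HR App", "originSystem": "AadApplication", "originId": "sp-hr",
     "roles": [{"originId": "role-reader"}, {"originId": "role-admin"},
               {"originId": "role-gone"}]},
    {"displayName": "Wiki", "originSystem": "AadApplication", "originId": "sp-wiki",
     "roles": [{"originId": DEFAULT_ROLE}]},
    {"displayName": "Old CRM", "originSystem": "AadApplication", "originId": "sp-deleted",
     "roles": [{"originId": "role-x"}]},
    {"displayName": "Finance Site", "originSystem": "SharePointOnline",
     "originId": "https://contoso.sharepoint.com/sites/finance", "roles": []},
    {"displayName": "Legacy Site", "originSystem": "SharePointOnline",
     "originId": "https://contoso.sharepoint.com/sites/legacy", "roles": []},
]

def find_stale_references(resources, service_principals, reachable_sites):
    """Return (resource name, reason) pairs for references that no longer resolve."""
    findings = []
    for res in resources:
        name, system, origin = res["displayName"], res["originSystem"], res["originId"]
        if system == "AadApplication":
            sp = service_principals.get(origin)
            if sp is None:
                findings.append((name, "service principal deleted"))
                continue  # roles cannot be checked without the principal
            declared = {r["id"]: r["isEnabled"] for r in sp["appRoles"]}
            for role in res["roles"]:
                rid = role["originId"]
                if rid == DEFAULT_ROLE and not declared:
                    continue  # default access on an app that declares no roles
                if rid not in declared:
                    findings.append((name, f"app role {rid} removed"))
                elif not declared[rid]:
                    findings.append((name, f"app role {rid} disabled"))
        elif system == "SharePointOnline" and origin not in reachable_sites:
            findings.append((name, "SharePoint site not accessible"))
    return findings

if __name__ == "__main__":
    for name, reason in find_stale_references(CATALOG_RESOURCES, SERVICE_PRINCIPALS, REACHABLE_SITES):
        print(f"{name}: {reason}")
```

The early `continue` for a deleted service principal yields one finding per resource instead of one per orphaned role, which keeps the cleanup list short.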