Default Authorization Settings - Sign-up for email based subscription
Why This Matters
Allowing users to sign up for email-based subscriptions can lead to unauthorized self-service registrations in your Microsoft 365 tenant. This bypasses IT governance controls and may enable malicious actors to gain access to your organization's resources through unsolicited subscriptions. Disabling this setting ensures that only authorized administrators control subscription management.
What Aether365 Checks
Aether365 verifies that the allowedToSignUpEmailBasedSubscriptions property in the Microsoft Entra ID authorization policy is set to false. This check appears in the Aether365 dashboard under entra-id checks and is flagged as medium severity if misconfigured.
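To confirm the same property by hand, the following added example reads the authorization policy with the Microsoft Graph PowerShell SDK and can optionally set the compliant value. It is not Aether365's own code; Test-EmailSubscriptionSignUp is a hypothetical helper name, and the example assumes the Microsoft.Graph.Identity.SignIns module is installed and the signed-in account can consent to the listed scopes.

```powershell
# Added example, not Aether365 code. Test-EmailSubscriptionSignUp is a hypothetical helper.
# Assumes the Microsoft Graph PowerShell SDK is installed.
Import-Module Microsoft.Graph.Identity.SignIns

function Test-EmailSubscriptionSignUp {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # When set, writes the compliant value back to the tenant.
        [switch]$Remediate
    )

    # Read-only scope for auditing; the write scope is requested only for remediation.
    $scope = if ($Remediate) { 'Policy.ReadWrite.Authorization' } else { 'Policy.Read.All' }
    Connect-MgGraph -Scopes $scope | Out-Null

    $value = (Get-MgPolicyAuthorizationPolicy).AllowedToSignUpEmailBasedSubscriptions

    # Only an explicit $false passes; $true or a missing value is a finding.
    $compliant = ($value -eq $false)

    if (-not $compliant -and $Remediate -and
        $PSCmdlet.ShouldProcess('authorizationPolicy',
            'Set allowedToSignUpEmailBasedSubscriptions to false')) {
        Update-MgPolicyAuthorizationPolicy -BodyParameter @{
            allowedToSignUpEmailBasedSubscriptions = $false
        }
        # Re-read so the result reflects what the tenant reports, not what was requested.
        $value     = (Get-MgPolicyAuthorizationPolicy).AllowedToSignUpEmailBasedSubscriptions
        $compliant = ($value -eq $false)
    }

    [pscustomobject]@{
        Check     = 'allowedToSignUpEmailBasedSubscriptions'
        Value     = $value
        Compliant = $compliant
        Severity  = if ($compliant) { 'none' } else { 'medium' }
    }
}

Test-EmailSubscriptionSignUp                        # audit only
# Test-EmailSubscriptionSignUp -Remediate -WhatIf   # preview the change without applying it
```

Run the audit form first and record the original value before remediating, so the change can be reviewed or reverted.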