Default Authorization Settings - Default User Role Permissions - Allowed to create Apps
Why This Matters
Allowing non-administrative users to create applications in Microsoft Entra ID introduces significant security risks. Malicious or careless users can register third-party applications that request broad permissions, potentially granting unauthorized access to organizational data and resources. Restricting application creation to administrators only reduces the attack surface and ensures proper oversight of all integrated applications.
What Aether365 Checks
Aether365 verifies that the defaultUserRolePermissions.allowedToCreateApps setting in the authorization policy is set to false. This check appears in the Aether365 dashboard under Entra ID security checks.