Default Authorization Settings - Default User Role Permissions - Allowed to read other users
Why This Matters
The allowedToReadOtherUsers permission controls whether default users can view other users’ profiles across the tenant. Enabling this setting (the default) supports collaboration features like user lookup in Microsoft Teams and SharePoint, but it also exposes detailed profile information to all authenticated users. Restricting this permission reduces the risk of unauthorized data reconnaissance but may impact user experience in directory-based search and people picker scenarios.
What Aether365 Checks
Aether365 verifies whether the defaultUserRolePermissions.allowedToReadOtherUsers setting in the Microsoft Entra ID authorization policy is set to false, which restricts users from reading others’ full profile data. This check appears in your Aether365 dashboard under the entra-id service.
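
The same evaluation can be reproduced by hand. The following is an added PowerShell example, not Aether365's own code: Test-AllowedToReadOtherUsers is a hypothetical helper name, the JSON samples are constructed, and treating an absent value as a failure is an assumption based on the setting being enabled by default.

```powershell
# Added example: evaluate an authorization policy object for this check.
# Test-AllowedToReadOtherUsers is a hypothetical helper, not a Microsoft or Aether365 cmdlet.
function Test-AllowedToReadOtherUsers {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Policy
    )
    process {
        # If the input is a collection response with a "value" array, use its first element.
        if ($null -ne $Policy.value) { $Policy = @($Policy.value)[0] }

        $perms = $Policy.defaultUserRolePermissions
        $value = if ($null -ne $perms) { $perms.allowedToReadOtherUsers } else { $null }

        # Only an explicit $false passes. An absent value fails (assumption):
        # the setting is enabled by default, so "not present" is not "restricted".
        $status = if (($value -is [bool]) -and (-not $value)) {
            'Pass'
        } elseif ($null -eq $value) {
            'Fail (value absent; enabled is the default)'
        } else {
            'Fail'
        }

        [pscustomobject]@{
            Setting  = 'defaultUserRolePermissions.allowedToReadOtherUsers'
            Observed = $value
            Expected = $false
            Status   = $status
        }
    }
}

# Constructed sample inputs shaped like a Microsoft Graph authorizationPolicy response.
$samples = @(
    '{"id":"authorizationPolicy","defaultUserRolePermissions":{"allowedToReadOtherUsers":false}}',
    '{"id":"authorizationPolicy","defaultUserRolePermissions":{"allowedToReadOtherUsers":true}}',
    '{"value":[{"id":"authorizationPolicy","defaultUserRolePermissions":{"allowedToCreateApps":true}}]}'
)
$samples | ForEach-Object { $_ | ConvertFrom-Json | Test-AllowedToReadOtherUsers } |
    Format-Table -AutoSize

# Against a live tenant, with the Microsoft Graph PowerShell SDK installed:
#   Connect-MgGraph -Scopes 'Policy.Read.All'
#   Get-MgPolicyAuthorizationPolicy | Test-AllowedToReadOtherUsers
```

Because PowerShell property access is case-insensitive, the same function accepts both raw Graph JSON and the object returned by the SDK cmdlet.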