Default Settings - Consent Policy Settings - Group owner consent for apps accessing data
Why This Matters
When group owners can consent to apps accessing their group’s data, unauthorized third-party applications may gain permissions they do not need. This can lead to data exposure or compliance violations, especially in environments where group data contains sensitive information. Limiting this privilege reduces the attack surface and ensures consent follows a consistent policy.
What Aether365 Checks
Aether365 verifies that the setting for group owner consent to apps accessing data is disabled (set to False) in your Microsoft Entra ID tenant configuration. This check appears in the Aether365 dashboard under the entra-id checks section.