Enable Azure AD Identity Protection sign-in risk policies
Why This Matters
Unrestricted access to Microsoft administrative portals exposes sensitive tenant configurations and privileged operations to non-administrative users. Even though default portal access limits what users can view, allowing broad sign-in access increases the risk of administrative errors, CSP-induced vulnerabilities, or lateral movement during a breach. Restricting portal access to designated administrative roles is a core defense-in-depth measure to protect your organization’s most sensitive data.
What Aether365 Checks
Aether365 verifies that a Conditional Access policy exists and is configured to block sign-ins to Microsoft Admin Portals for non-admin users. This check appears in your Aether365 dashboard under the entra-id security checks section.
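The kind of evaluation described above, as an added example (not Aether365's code). It assumes policies exported in the Microsoft Graph conditionalAccessPolicy JSON shape; the pass criteria, the sample policies and the role ID placeholder are assumptions made for this illustration.

```python
"""Added example: evaluate Conditional Access policies exported as Graph JSON."""

ADMIN_PORTALS_APP = "MicrosoftAdminPortals"  # CA target for Microsoft Admin Portals
PLACEHOLDER_ADMIN_ROLE = "00000000-0000-0000-0000-000000000001"  # constructed, not a real role ID


def evaluate(policy):
    """Return (passes, reason) for one conditionalAccessPolicy object."""
    state = policy.get("state")
    if state != "enabled":
        # Report-only and disabled policies log or do nothing; they block no one.
        return False, f"not enforced (state={state})"
    cond = policy.get("conditions") or {}
    apps = cond.get("applications") or {}
    if ADMIN_PORTALS_APP not in (apps.get("includeApplications") or []):
        return False, "does not target Microsoft Admin Portals"
    users = cond.get("users") or {}
    if "All" not in (users.get("includeUsers") or []):
        return False, "does not apply to all users"
    # Assumption: admins must be carved out, otherwise the policy locks them out too.
    excluded = [v for k in ("excludeRoles", "excludeGroups", "excludeUsers")
                for v in (users.get(k) or [])]
    if not excluded:
        return False, "no administrative exclusion defined"
    grant = policy.get("grantControls") or {}
    if "block" not in (grant.get("builtInControls") or []):
        return False, "grant control is not 'block'"
    return True, "blocks non-admin sign-ins to admin portals"


def compliant_policies(policies):
    """Names of policies that satisfy the check; an empty list means the check fails."""
    return [p.get("displayName") for p in policies if evaluate(p)[0]]


def _sample(name, state, controls, exclude_roles):
    # Constructed sample policy, trimmed to the fields the check reads.
    return {"displayName": name, "state": state,
            "conditions": {"applications": {"includeApplications": [ADMIN_PORTALS_APP]},
                           "users": {"includeUsers": ["All"], "excludeRoles": exclude_roles}},
            "grantControls": {"operator": "OR", "builtInControls": controls}}


SAMPLE_POLICIES = [
    _sample("Admin portals - report only", "enabledForReportingButNotEnforced",
            ["block"], [PLACEHOLDER_ADMIN_ROLE]),
    _sample("Admin portals - MFA only", "enabled", ["mfa"], [PLACEHOLDER_ADMIN_ROLE]),
    _sample("Admin portals - block everyone", "enabled", ["block"], []),
    _sample("Admin portals - block non-admins", "enabled", ["block"], [PLACEHOLDER_ADMIN_ROLE]),
]

if __name__ == "__main__":
    for p in SAMPLE_POLICIES:
        print(p["displayName"], "->", evaluate(p))
```

A policy left in report-only mode is the most common reason a tenant appears to have this control while nothing is actually blocked.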