Ensure administrative accounts use licenses with a reduced application footprint
Why This Matter
Privileged accounts with full application licenses, like those granting access to Exchange Online or SharePoint, significantly increase the attack surface for high-value identities. Administrative users may accidentally interact with malicious content through email or collaborative tools, exposing them to social engineering attacks. By using a stripped-down license such as Microsoft Entra ID P1 or P2, or no license at all, you isolate administrative tasks from everyday productivity applications, reducing the risk of credential compromise.
What Aether365 Checks
Aether365 verifies that privileged administrative accounts are assigned licenses with a reduced application footprint, such as Microsoft Entra ID P1 or P2, or no license at all. This check appears in the Aether365 dashboard under Entra ID checks.