Ensure administrative accounts use licenses with a reduced application footprint
Why This Matters
Administrative accounts with full application licenses, such as Exchange Online, increase the attack surface for privileged identities. These accounts become susceptible to social engineering and malicious content if they interact with collaborative tools like email or shared documents. Restricting privileges to a dedicated non-licensed account reduces this risk by separating administrative duties from daily productivity tasks.
What Aether365 Checks
Aether365 verifies that administrative accounts in Microsoft Entra ID use only licenses with a reduced application footprint, such as Microsoft Entra ID P1 or P2, or no license at all. This check appears in the Aether365 dashboard under entra-id checks and alerts you to any privileged accounts that retain full application licenses.