At least one Conditional Access policy is configured to enable application enforced restrictions
Why This Matters
Without a Conditional Access policy that enforces application restrictions, users can access corporate data in SharePoint, OneDrive, and Exchange from unmanaged or personal devices that lack security controls. This increases the risk of data leakage, unauthorized access, and exposure to malware. Enforcing app restrictions ensures that only compliant and managed applications can handle sensitive company information.
What Aether365 Checks
This check verifies if the tenant has at least one Conditional Access policy configured to enable application enforced restrictions. In the Aether365 dashboard under microsoft-365 checks, this scan identifies whether such a policy exists to limit access from unmanaged devices.
How to Fix
To remediate this issue, create a Conditional Access policy that blocks or limits access to SharePoint, OneDrive, and Exchange from unmanaged devices.