No external user with permanent role assignment on Control Plane
Why This Matters
External users with high-privileged role assignments on the control plane introduce a significant security risk. These accounts may not be subject to the same Conditional Access policies, Lifecycle Workflows, or Identity Protection controls as internal users, making them a potential vector for unauthorized access or privilege escalation. Regularly reviewing and removing permanent high-privileged roles for external users helps maintain a least-privilege security posture.
What Aether365 Checks
This check verifies that no external user has been assigned a high-privileged role on the control plane in your Microsoft 365 tenant. The result appears in your Aether365 dashboard under the microsoft-365 service category.