No Service Principal with Client Secret and permanent role assignment on Control Plane
Why This Matters
Service principals with client secrets and permanent high-privileged role assignments on the control plane pose a significant security risk. If a client secret is compromised, an attacker can maintain persistent elevated access to your Azure environment. Using certificates with shorter lifespans or managed identities reduces this attack surface and aligns with least privilege principles.
What Aether365 Checks
This check scans for service principals in your Microsoft 365 tenant that have both a client secret configured and a permanent assignment to a high-privileged role on the Azure control plane. It appears in your Aether365 dashboard under the microsoft-365 checks category.
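The logic of this check, as an added example (not Aether365's own code) run over a constructed inventory: a service principal is flagged only when it holds an unexpired client secret and a role assignment with no end date to a high-privileged role. The role set, the decision to ignore expired secrets, and the simplified record shape are assumptions; the page does not specify them.

```python
from datetime import datetime, timezone

# Assumption: the page does not list the roles it treats as high-privileged.
HIGH_PRIV_ROLES = {"Owner", "User Access Administrator", "Contributor"}

def parse_ts(ts):
    """Parse an ISO 8601 timestamp; None means 'no end date'."""
    return None if ts is None else datetime.fromisoformat(ts.replace("Z", "+00:00"))

def find_risky_principals(principals, assignments, now):
    """Flag principals with a live client secret AND a permanent
    assignment (no end date) to a high-privileged role."""
    permanent = {}
    for a in assignments:
        if a["roleName"] in HIGH_PRIV_ROLES and a["endDateTime"] is None:
            permanent.setdefault(a["principalId"], []).append(a["roleName"])
    findings = []
    for sp in principals:
        # Assumption: a secret past its end date no longer counts as configured.
        live = [c["keyId"] for c in sp.get("passwordCredentials", [])
                if parse_ts(c["endDateTime"]) is None or parse_ts(c["endDateTime"]) > now]
        if live and sp["id"] in permanent:
            findings.append({"id": sp["id"], "displayName": sp["displayName"],
                             "liveSecrets": live, "roles": sorted(permanent[sp["id"]])})
    return findings

# Constructed sample inventory (not real tenant data).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
PRINCIPALS = [
    {"id": "sp-1", "displayName": "ci-deployer",
     "passwordCredentials": [{"keyId": "k1", "endDateTime": "2099-01-01T00:00:00Z"}]},
    {"id": "sp-2", "displayName": "backup-job",
     "passwordCredentials": [{"keyId": "k2", "endDateTime": "2020-01-01T00:00:00Z"}]},
    {"id": "sp-3", "displayName": "cert-only-app", "passwordCredentials": []},
    {"id": "sp-4", "displayName": "temp-admin",
     "passwordCredentials": [{"keyId": "k4", "endDateTime": "2099-01-01T00:00:00Z"}]},
    {"id": "sp-5", "displayName": "reader-app",
     "passwordCredentials": [{"keyId": "k5", "endDateTime": "2099-01-01T00:00:00Z"}]},
]
ASSIGNMENTS = [
    {"principalId": "sp-1", "roleName": "Owner", "endDateTime": None},
    {"principalId": "sp-2", "roleName": "Owner", "endDateTime": None},
    {"principalId": "sp-3", "roleName": "Owner", "endDateTime": None},
    {"principalId": "sp-4", "roleName": "Owner", "endDateTime": "2025-01-02T00:00:00Z"},
    {"principalId": "sp-5", "roleName": "Reader", "endDateTime": None},
]

if __name__ == "__main__":
    for f in find_risky_principals(PRINCIPALS, ASSIGNMENTS, NOW):
        print(f)
```

Only ci-deployer is flagged: the other four fail on an expired secret, no secret at all, a time-bound assignment, or a role outside the high-privileged set.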