No user with mailbox and permanent role assignment on Control Plane
Why This Matters
Mail-enabled privileged accounts create a significant attack surface. Phishing attacks targeting high-privileged users can lead to control plane compromise, allowing attackers to escalate privileges across your entire Microsoft 365 tenant. Removing direct mailbox access from these accounts reduces the risk of credential theft and unauthorized access.
What Aether365 Checks
This check verifies whether any user assigned a high-privileged role on the control plane is also mail-enabled. It appears in your Aether365 dashboard under the microsoft-365 checks section.