Privileged role on Control Plane are managed by PIM only
Why This Matters
Privileged roles in Azure control plane grant broad administrative control over your tenant. When these roles are assigned permanently outside of Privileged Identity Management (PIM), they introduce unnecessary standing access that bypasses just-in-time activation policies. This increases the risk of lateral movement and privilege escalation if an account is compromised.
What Aether365 Checks
This check verifies whether your Microsoft 365 tenant has any privileged role assignments that are not managed through Privileged Identity Management (PIM). It appears in the Aether365 dashboard under microsoft-365 checks and surfaces active assignments that should be transitioned to PIM for time-bound, approved access.