Conditional Access policies should not include or exclude deleted groups.

Why This Matters

Conditional Access policies that reference deleted groups create security gaps, as those policies may fail to apply correctly or behave unpredictably. This can leave your organization’s resources unprotected or inadvertently grant access to unauthorized users. Administrators should regularly audit policies to remove stale references and ensure effective access controls.

What Aether365 Checks

Aether365 scans your Microsoft 365 environment to identify any Conditional Access policy that includes or excludes a deleted security group. This check appears in the Aether365 dashboard under the microsoft-365 compliance category.