Apps with high-risk permissions having a direct path to Global Admin

Why This Matters

Applications with tier-0 Microsoft Graph permissions can grant direct administrative access to your tenant, including full Global Admin privileges. If a malicious actor gains control of such an application or exploits its permissions, they can take over the entire tenant, access sensitive data, and compromise all user accounts. IT administrators must regularly audit high-risk app permissions to prevent lateral movement and privilege escalation attacks.

What Aether365 Checks

This Aether365 check, listed under microsoft-365 checks in your dashboard, identifies any application registered in your tenant that has high-risk Microsoft Graph permissions with a direct path to Global Admin. It flags apps where such permissions could enable a full tenant takeover if the application is compromised.
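A check of this kind can be sketched as a join between the Microsoft Graph service principal's `appRoles` and each app's `appRoleAssignments`. This is an added example, not Aether365's code: the two permissions treated as tier-0 are an assumption (the page does not list them), and all sample objects and ids are constructed placeholders.

```python
# Added example. TIER0 is an assumed set; the page does not enumerate the
# permissions it treats as a direct path to Global Admin.
TIER0 = {"RoleManagement.ReadWrite.Directory", "AppRoleAssignment.ReadWrite.All"}

# Constructed sample data shaped like Graph servicePrincipal and
# appRoleAssignment objects. Every id below is a placeholder.
GRAPH_SP = {
    "id": "sp-graph",
    "appId": "00000003-0000-0000-c000-000000000000",  # Microsoft Graph appId
    "appRoles": [
        {"id": "role-0001", "value": "RoleManagement.ReadWrite.Directory"},
        {"id": "role-0002", "value": "AppRoleAssignment.ReadWrite.All"},
        {"id": "role-0003", "value": "User.Read.All"},
    ],
}

def _grant(pid, name, resource, role):
    return {"principalId": pid, "principalDisplayName": name,
            "resourceId": resource, "appRoleId": role}

ASSIGNMENTS = [
    _grant("sp-a", "Backup Connector", "sp-graph", "role-0001"),
    _grant("sp-a", "Backup Connector", "sp-graph", "role-0003"),
    _grant("sp-b", "HR Sync", "sp-graph", "role-0003"),
    _grant("sp-c", "Provisioning Bot", "sp-graph", "role-0002"),
    _grant("sp-c", "Provisioning Bot", "sp-other", "role-0001"),  # not Graph
    _grant("sp-d", "Legacy Tool", "sp-graph", "role-9999"),       # unknown role id
]

def find_high_risk_apps(graph_sp, assignments, tier0=TIER0):
    """Return (findings, unresolved) for application permissions on Graph."""
    role_names = {r["id"]: r["value"] for r in graph_sp["appRoles"]}
    findings, unresolved = {}, []
    for a in assignments:
        if a["resourceId"] != graph_sp["id"]:
            continue  # role ids are only meaningful per resource API
        name = role_names.get(a["appRoleId"])
        if name is None:
            unresolved.append(a)  # review manually instead of assuming safe
        elif name in tier0:
            entry = findings.setdefault(
                a["principalId"],
                {"name": a["principalDisplayName"], "permissions": set()})
            entry["permissions"].add(name)
    return findings, unresolved

if __name__ == "__main__":
    flagged, unknown = find_high_risk_apps(GRAPH_SP, ASSIGNMENTS)
    for pid, f in sorted(flagged.items()):
        print(pid, f["name"], sorted(f["permissions"]))
    print("unresolved assignments:", len(unknown))
```

Assignments whose role id cannot be resolved are returned separately so they are reviewed rather than silently treated as low risk.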

How to Fix

To review and remediate high-risk application permissions:

Microsoft references
