Apps with high-risk permissions having an indirect path to Global Admin
Why This Matters
Applications with high-risk Graph permissions can create an indirect pathway to Global Admin, enabling full tenant takeover by a threat actor. If an application has tier-0 permissions, an attacker who compromises its credentials or secrets can escalate privileges without direct assignment. This risk is particularly dangerous because it bypasses standard administrative controls and can remain undetected for extended periods.
What Aether365 Checks
This check identifies applications in your Microsoft 365 tenant that are assigned tier-0 Microsoft Graph permissions and could provide an indirect path to Global Admin. In the Aether365 dashboard under the microsoft-365 checks section, it scans all registered applications and flags those with high-risk permission sets that may allow privilege escalation.
How to Fix
Review application permissions using the Microsoft Entra admin center.