Exchange Application Access Policies should be configured
Why This Matters
Without application access policies, any application granted Exchange Online permissions can access all mailboxes in your organization, regardless of user roles or need. This creates a significant risk of data exposure, as a single compromised app credential could lead to mass exfiltration of sensitive email data. By restricting app access to only authorized members through distribution groups, you enforce the principle of least privilege and reduce your attack surface.
What Aether365 Checks
Aether365 scans your Exchange Online environment to verify that application access policies are configured for registered applications with Exchange permissions. This check appears in your Aether365 dashboard under the microsoft-365 service category and reports any applications lacking a defined policy scope.
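A manual version of this audit and its remediation in Exchange Online PowerShell, as an added example that is not Aether365's own implementation. The app IDs, the group address and the mailbox addresses are placeholders to replace with values from your tenant.

```powershell
# Requires the ExchangeOnlineManagement module and an Exchange administrator session.
Connect-ExchangeOnline

# Assumption: client IDs of app registrations that hold Exchange application
# permissions. Placeholder values, not real registrations.
$appIds = @(
    '00000000-0000-0000-0000-000000000001',
    '00000000-0000-0000-0000-000000000002'
)

# All application access policies currently defined in the tenant.
$policies = @(Get-ApplicationAccessPolicy)

# One row per app: does any policy reference it, and with which right and scope?
$report = foreach ($appId in $appIds) {
    $match = @($policies | Where-Object { $_.AppId -eq $appId })
    [pscustomobject]@{
        AppId        = $appId
        HasPolicy    = $match.Count -gt 0
        AccessRights = ($match.AccessRight | Sort-Object -Unique) -join ', '
        Scopes       = $match.ScopeName -join '; '
    }
}
$report | Format-Table -AutoSize

# Apps with no policy can reach every mailbox their permissions allow.
$unscoped = @($report | Where-Object { -not $_.HasPolicy })

foreach ($app in $unscoped) {
    # Restrict the app to members of one group (placeholder address).
    New-ApplicationAccessPolicy `
        -AppId $app.AppId `
        -PolicyScopeGroupId 'app-mail-scope@example.com' `
        -AccessRight RestrictAccess `
        -Description 'Limit app to members of app-mail-scope'

    # Verify: a group member should report Granted, a non-member Denied.
    Test-ApplicationAccessPolicy -AppId $app.AppId -Identity 'member@example.com'
    Test-ApplicationAccessPolicy -AppId $app.AppId -Identity 'nonmember@example.com'
}
```

Check the AccessRights column on apps that already have a policy: a policy that only denies a group leaves every mailbox outside that group reachable.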