Conditional Access policies should not reference non-existent users, groups, or roles.
Why This Matters
Conditional Access policies with references to deleted or nonexistent users, groups, or roles can lead to unintended access outcomes. These broken policy entries may cause coverage gaps where security controls fail to apply to the intended audience, leaving critical resources unprotected.
What Aether365 Checks
Aether365 scans all Conditional Access policies in your Microsoft 365 environment and identifies any that include users, groups, or roles which no longer exist. This check appears in the Aether365 dashboard under the microsoft-365 checks category.