AI agents should not use author (maker) authentication for connections
Why This Matters
When AI agents use author authentication for connector tools, they operate under the creator's permissions rather than the end user's. This means a user interacting with the agent could inadvertently access data or services beyond their authorized scope. For IT administrators, this represents a significant security gap that can lead to privilege escalation or unintended data exposure.
What Aether365 Checks
This check scans all Copilot Studio agents in your Microsoft 365 tenant to identify any connector tools configured with author authentication instead of end-user authentication. You will see this result in the Aether365 dashboard under microsoft-365 checks as AE.1118.