Ensure 'User owned apps and services' is restricted

Why This Matters

Allowing users to register and manage their own applications and services in Microsoft 365 introduces significant security risks. Users may inadvertently create or install apps with excessive permissions, enabling data exfiltration, phishing attacks, or unauthorized access to sensitive organizational resources. Administrators must restrict this capability to maintain control over the application landscape and reduce the attack surface.

What Aether365 Checks

This check verifies that the setting "User owned apps and services" is restricted within Microsoft 365. The check appears in the Aether365 dashboard under the microsoft-365 checks category and reports as non-compliant if users have the ability to register applications without administrative approval.