
Ensure access to APIs by Service Principals is restricted

Why This Matters

Allowing service principals to access Power BI APIs without restrictions significantly expands your attack surface. If an attacker compromises a service principal, they can leverage these APIs to programmatically access and manipulate Power BI resources. Restricting this capability to only approved security groups minimizes this risk.

What Aether365 Checks

This check verifies that the "Service principals can use Fabric APIs" tenant setting is either disabled or enabled only for specific security groups. It appears in your Aether365 dashboard under Microsoft 365 checks as M365.2154.
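The pass/fail logic described above can be reproduced against an exported list of tenant settings. This is an added example, not Aether365's own implementation; the JSON field names (`tenantSettings`, `title`, `enabled`, `enabledSecurityGroups`, `graphId`, `name`) are assumptions modelled on the Fabric admin tenant-settings listing, and the sample data is constructed.

```python
import json

# Title of the tenant setting, as quoted on this page.
SETTING_TITLE = "Service principals can use Fabric APIs"

# Constructed sample export; field names are assumptions (see lead-in).
SAMPLE_RESTRICTED = json.loads("""
{"tenantSettings": [
  {"title": "Service principals can use Fabric APIs",
   "enabled": true,
   "enabledSecurityGroups": [
     {"graphId": "00000000-0000-0000-0000-000000000001",
      "name": "sg-fabric-api-spn"}
   ]}
]}
""")


def evaluate(export, title=SETTING_TITLE):
    """Return (status, reason); status is PASS, FAIL or UNKNOWN."""
    settings = export.get("tenantSettings") or []
    wanted = title.strip().lower()
    match = [s for s in settings
             if str(s.get("title", "")).strip().lower() == wanted]
    if not match:
        # Fail closed: an absent setting is not evidence that it is disabled.
        return "UNKNOWN", "setting not present in export"
    setting = match[0]
    enabled = setting.get("enabled")
    if enabled is False:
        return "PASS", "setting is disabled"
    if enabled is not True:
        return "UNKNOWN", "enabled flag missing or not a boolean"
    # Enabled: acceptable only when scoped to at least one security group.
    groups = [g.get("name") or g.get("graphId")
              for g in setting.get("enabledSecurityGroups") or []]
    groups = sorted(g for g in groups if g)
    if groups:
        return "PASS", "enabled only for: " + ", ".join(groups)
    return "FAIL", "enabled for the entire organization"


if __name__ == "__main__":
    print(evaluate(SAMPLE_RESTRICTED))
```

A missing setting or a malformed `enabled` flag is reported as UNKNOWN rather than PASS, so an incomplete export cannot mask an unrestricted tenant.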

Microsoft references
