Ensure Service Principals cannot create and use profiles
Why This Matters
Service principal profiles enable multitenancy deployments but can expose customer data to unauthorized applications if misconfigured. Without restrictions, any service principal in your tenant could create profiles that bypass existing security boundaries, violating the principle of least privilege. Administrators must control which service principals have this capability to prevent potential data leakage across tenants.
What Aether365 Checks
Aether365 verifies that the "Allow service principals to create and use profiles" setting is either disabled or enabled only for a defined security group. This check appears in your Aether365 dashboard under the Microsoft 365 compliance section.
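The rule in the paragraph above ("disabled, or enabled only for a specific security group") is easy to encode and run against the tenant settings export. The following Python is an added illustration, not Aether365's own code: it evaluates the setting from three constructed JSON payloads shaped like a Fabric/Power BI admin "list tenant settings" response. The field names (`tenantSettings`, `title`, `enabled`, `enabledSecurityGroups`) and the sample group name and GUID are assumptions; match them against the real payload before relying on the script.

```python
import json
from typing import Any, Dict, Optional, Tuple

# Title of the tenant setting exactly as the page names it.
PROFILE_SETTING_TITLE = "Allow service principals to create and use profiles"


def _sample(enabled: bool, groups: list) -> str:
    """Build a constructed tenant-settings payload (shape is an assumption)."""
    return json.dumps({
        "tenantSettings": [
            {
                "settingName": "EXAMPLE_SETTING_NAME",   # placeholder, not a real identifier
                "title": PROFILE_SETTING_TITLE,
                "enabled": enabled,
                "canSpecifySecurityGroups": True,
                "enabledSecurityGroups": groups,        # empty list => entire organization
                "tenantSettingGroup": "Developer settings",
            }
        ]
    })


# Constructed samples: the weak configuration, a scoped one, and a disabled one.
NON_COMPLIANT_RESPONSE = _sample(True, [])
COMPLIANT_SCOPED_RESPONSE = _sample(True, [
    {"graphId": "00000000-0000-0000-0000-000000000001",  # constructed GUID
     "name": "sg-pbi-multitenant-apps"}                  # constructed group name
])
COMPLIANT_DISABLED_RESPONSE = _sample(False, [])


def find_profile_setting(response_json: str) -> Optional[Dict[str, Any]]:
    """Locate the profile setting by its portal title in the settings list."""
    payload = json.loads(response_json)
    for setting in payload.get("tenantSettings", []):
        if setting.get("title") == PROFILE_SETTING_TITLE:
            return setting
    return None


def evaluate_profile_setting(response_json: str) -> Tuple[str, str]:
    """Apply the check: PASS if disabled or scoped to security groups, FAIL if
    enabled for the whole organization, REVIEW if the setting is not present."""
    setting = find_profile_setting(response_json)
    if setting is None:
        return ("REVIEW", "setting not found in export; confirm manually in the admin portal")
    if not setting.get("enabled", False):
        return ("PASS", "disabled for the entire tenant")
    groups = setting.get("enabledSecurityGroups") or []
    if groups:
        names = ", ".join(g.get("name", g.get("graphId", "?")) for g in groups)
        return ("PASS", f"enabled only for security group(s): {names}")
    return ("FAIL", "enabled for the entire organization; every service principal "
                    "in the tenant can create and use profiles")


if __name__ == "__main__":
    for label, payload in [
        ("weak", NON_COMPLIANT_RESPONSE),
        ("scoped", COMPLIANT_SCOPED_RESPONSE),
        ("disabled", COMPLIANT_DISABLED_RESPONSE),
    ]:
        status, reason = evaluate_profile_setting(payload)
        print(f"{label:9} {status:6} {reason}")
```

Feed it the JSON your tenant-settings export actually returns instead of the constructed samples; the three outcomes map directly onto the dashboard states the page describes, with REVIEW reserved for the case where the export does not contain the setting at all.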