Applications

Application registrations and service principals

4 findings in this category.

• High Application owned only by non-admins Detects applications whose sole owners are non-privileged users. Any owner can add credentials and assume the application's permissions.
• Medium Applications with long-lived credentials Detects application secrets or certificates with a lifetime greater than 2 years.
• Medium Disabled service principal retains grants Detects service principals disabled while still holding OAuth2 permission grants.
• Medium Expiring App Credentials Checks for application credentials expiring within 30 days