Medium

Multi-tenant applications

Identifies app registrations configured as multi-tenant, which allow sign-in from external organizations.

Category: Application Security
Default severity: Medium
Rule key: CHECK_APP_MULTI_TENANT
Last updated: February 20, 2026

How to fix it

Review multi-tenant applications and ensure they truly need to allow sign-in from external organizations. Restrict to single-tenant if possible.

Required Microsoft Graph permissions

EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:

Application.Read.All

Further reading

Microsoft documentation →

Run this check on your tenant

EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.

Get started — free first scan →