Application owned only by non-admins
Detects applications whose sole owners are non-privileged users. Any owner can add credentials and assume the application's permissions.
How to fix it
Assign at least one administrator as owner on each application or remove unnecessary permissions.
Required Microsoft Graph permissions
EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:
Directory.Read.AllApplication.Read.AllRoleManagement.Read.Directory
Further reading
Run this check on your tenant
EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.
Get started — free first scan →