Applications with insecure redirect URIs

Identifies app registrations with wildcard or HTTP (non-HTTPS) redirect URIs.

Category
Application Security
Default severity
High
Rule key
CHECK_APP_WILDCARD_REDIRECT
Last updated

How to fix it

Register exact HTTPS redirect URIs rather than wildcards, and remove any http:// URIs. A wildcard or plaintext-HTTP redirect URI lets the authorization code or token be delivered somewhere other than the intended application, which is how it gets stolen.
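The following is an added example of the logic behind this check, not EntraAnalyzer's own code: it walks the `web`, `spa` and `publicClient` redirect URI containers of Microsoft Graph `application` objects and flags wildcards and non-HTTPS schemes. The sample applications are constructed, and the `allow_loopback` exemption for `http://localhost` is an assumption about how the rule treats native-app loopback URIs, which the page does not state.

```python
from urllib.parse import urlsplit

# Constructed sample shaped like Microsoft Graph `application` objects
# (only the fields this check reads); not data from a real tenant.
SAMPLE_APPS = [
    {"appId": "00000000-0000-0000-0000-000000000001", "displayName": "Payroll Portal",
     "web": {"redirectUris": ["https://payroll.example.com/signin-oidc",
                              "https://*.example.com/callback"]},
     "publicClient": {"redirectUris": ["http://localhost:8400"]}},
    {"appId": "00000000-0000-0000-0000-000000000002", "displayName": "Legacy Intranet",
     "web": {"redirectUris": ["http://intranet.example.com/auth"]}},
    {"appId": "00000000-0000-0000-0000-000000000003", "displayName": "Well-configured App",
     "spa": {"redirectUris": ["https://app.example.com/auth/callback"]}},
]

# Graph keeps redirect URIs in three platform-specific containers.
REDIRECT_CONTAINERS = ("web", "spa", "publicClient")


def redirect_uri_issue(uri, allow_loopback=True):
    """Return a short reason if `uri` is insecure, otherwise None.

    A wildcard anywhere in the URI, or any scheme other than https, is flagged.
    allow_loopback exempts http://localhost, which Entra permits for native
    apps; whether EntraAnalyzer does the same is an assumption, not stated here.
    """
    if "*" in uri:
        return "wildcard"
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme == "https":
        return None
    if scheme == "http" and allow_loopback and parts.hostname in ("localhost", "127.0.0.1"):
        return None
    return f"non-https scheme '{scheme or '(none)'}'"


def find_insecure_redirects(apps, allow_loopback=True):
    """Evaluate the check over a list of Graph application objects."""
    findings = []
    for app in apps:
        for container in REDIRECT_CONTAINERS:
            for uri in app.get(container, {}).get("redirectUris", []):
                reason = redirect_uri_issue(uri, allow_loopback)
                if reason:
                    findings.append({"appId": app["appId"], "displayName": app["displayName"],
                                     "container": container, "uri": uri, "reason": reason})
    return findings
```

Run against the sample, `find_insecure_redirects(SAMPLE_APPS)` reports the wildcard on Payroll Portal and the plaintext URI on Legacy Intranet; pass `allow_loopback=False` to also surface the localhost entry.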

Required Microsoft Graph permissions

EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:

  • Application.Read.All

Further reading

Microsoft documentation →

Run this check on your tenant

EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.