No user with mailbox and permanent role assignment on Control Plane
Description
Permanent Assignments of high-privileged Entra ID directory roles will be checked to identify privileges for users with enabled mailboxes. Related roles will be identified based on the classification model from the EntraOps project which helps to identify directory roles with Control Plane (Tier0) permissions.
How to fix
Take attention on mail-enabled administrative accounts with Control Plane privileges. It's recommended to use mail forwarding to regular work account which allows to avoid direct mail access and phishing attacks on privileged user.