MT.1075 - Third Party Entra Apps should only have explicitly assigned users instead of All Users.
Overview
This test checks if you have any third party service principals that are open to all users. It is recommended to set 'Assignment required?' to Yes for all Third Party apps.
Remediation action
Open all app service principals below and set 'Assignment required?' to Yes. Assign users under 'Users and groups' to provide them with explicit access. If desired, use the audit logs per SPN to determine who was using the application before locking them down.
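The remediation above can be scripted with the Microsoft Graph PowerShell SDK. This is an added example, not Maester's own code: it lists the affected service principals together with their existing assignments and recent sign-in users, then previews the lock-down. The definition of "third party" used here (owner tenant is neither your tenant nor Microsoft's first-party app tenant) and the 200-record sign-in sample are assumptions.

```powershell
# Added example, not part of Maester. Requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes 'Application.ReadWrite.All', 'AuditLog.Read.All'

$tenantId    = (Get-MgContext).TenantId
# Assumption: apps owned by Microsoft's first-party app tenant are not "third party".
$microsoftId = 'f8cdef31-a31e-4b4a-93e4-5f571e91255a'

# Third-party application service principals that do not require assignment.
$open = Get-MgServicePrincipal -All -Property Id, AppId, DisplayName, AppOwnerOrganizationId, AppRoleAssignmentRequired, ServicePrincipalType |
    Where-Object {
        $_.ServicePrincipalType -eq 'Application' -and
        -not $_.AppRoleAssignmentRequired -and
        $_.AppOwnerOrganizationId -and
        $_.AppOwnerOrganizationId -notin $tenantId, $microsoftId
    }

$report = foreach ($sp in $open) {
    # Users and groups that already hold an explicit assignment.
    $assigned = @(Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All)

    # Recent sign-ins show who will lose access once assignment is enforced.
    # Assumption: a sample of 200 records is enough for a first review.
    $recentUsers = @(Get-MgAuditLogSignIn -Filter "appId eq '$($sp.AppId)'" -Top 200 |
        Select-Object -ExpandProperty UserPrincipalName -Unique)

    [pscustomobject]@{
        DisplayName   = $sp.DisplayName
        Id            = $sp.Id
        AssignedCount = $assigned.Count
        AssignedTo    = $assigned.PrincipalDisplayName -join '; '
        RecentUsers   = $recentUsers -join '; '
    }
}
$report | Sort-Object DisplayName | Format-Table -AutoSize -Wrap

# Preview the change for apps that already have explicit assignments.
# Apps with AssignedCount 0 need users assigned first, or nobody can sign in.
$report | Where-Object AssignedCount -gt 0 | ForEach-Object {
    Update-MgServicePrincipal -ServicePrincipalId $_.Id -AppRoleAssignmentRequired:$true -WhatIf
}
```

Remove `-WhatIf` once the RecentUsers column has been reconciled with AssignedTo for each app.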
Test Metadata
| Field | Value |
|---|---|
| Test ID | MT.1075 |
| Severity | Medium |
| Suite | Maester |
| Category | App |
| PowerShell test | Test-MtServicePrincipalsForAllUsers |
| Tags | App, Entra, Graph, LongRunning, Maester, MT.1075 |
Source
- Pester test: tests/Maester/Entra/Test-AppRegistrations.Tests.ps1
- PowerShell source: powershell/public/maester/entra/Test-MtServicePrincipalsForAllUsers.ps1