Policy Management for Linked Server Logins
Currently, there's a huge, glaring security vulnerability in linked servers if, under "For a login not defined in the list above, connections will:", the option "Be made using this security context:" is selected. This poses serious security elevation risks if not done properly.
I would hope that there would've been a Condition type to be configured in SQL Server Policy Management, which would make sure that this option would not be used.
Unfortunately, there isn't. Also, Linked Server mapped logins don't seem to exist as a Facet in Policy Management.
My suggestion is to add Linked Server Mapped Logins as a facet in Policy Management, and thus give us the possibility to define a policy that would prevent bad security practices with Linked Servers.
For more info:
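
An audit query for the setting described in the post above, as an added example that is not part of the original post and not a Policy Management feature. It assumes the usual mapping between the four dialog options and the `sys.linked_logins` catalog view (a row with `local_principal_id = 0` is the default mapping); the `default_mapping` and `fixed_context_default` column names are made up for this example.

```sql
-- Added example: classify the default ("login not defined in the list above")
-- mapping of every linked server and flag the fixed-security-context case.
SELECT
    s.name                AS linked_server,
    s.provider,
    s.data_source,
    CASE
        WHEN ll.server_id IS NULL
            THEN 'Not be made'
        WHEN ll.uses_self_credential = 1
            THEN 'Be made using the login''s current security context'
        WHEN ll.remote_name IS NULL
            THEN 'Be made without using a security context'
        ELSE 'Be made using this security context'
    END                   AS default_mapping,
    -- 1 = every unmapped local login connects as the same remote login
    CASE
        WHEN ll.server_id IS NOT NULL
             AND ll.uses_self_credential = 0
             AND ll.remote_name IS NOT NULL
            THEN 1
        ELSE 0
    END                   AS fixed_context_default,
    ll.remote_name        AS remote_login,
    s.is_rpc_out_enabled,
    s.is_data_access_enabled,
    ll.modify_date        AS mapping_modified
FROM sys.servers AS s
LEFT JOIN sys.linked_logins AS ll
       ON ll.server_id = s.server_id
      AND ll.local_principal_id = 0   -- assumption: 0 marks the default mapping
WHERE s.is_linked = 1                 -- skip the local server entry
ORDER BY fixed_context_default DESC, s.name;
```

Rows with `fixed_context_default = 1` are the ones a policy condition would need to reject; the query can be scheduled as a SQL Server Agent job step until such a facet exists.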