The Principle of Least Privilege (PoLP) is the idea that every user account, and every process acting on its behalf, is granted only the minimum level of access to resources, systems, and networks that it needs to do its job. Only accounts that require access to a given resource are granted it, and that access is granted only for as long as it is needed and then revoked.
For example, if a dedicated account exists so that an employee can back up their data to a corporate server, that account is given only the privileges needed to write those backups. It is not given rights to install new applications, and depending on the employee's needs it might not even be given permission to read the data it has written.
While user accounts are typically in the spotlight when discussing the principle of least privilege, the same philosophy calls for running every application and service with as few rights as possible. Every application needs some rights to operate, so each is given exactly the rights it needs to operate and nothing further.
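The following is an added example, not code from the original article, that models the three ideas above in one place: a default-deny authorizer in which an identity (a user or a service) holds only explicit, narrowly scoped grants, and grants can be time-limited or revoked. The principal names (svc-backup-alice, alice), action names (backup:write, pkg:install) and resource paths (backups/alice/*) are invented for illustration; the backup account mirrors the article's example, able to write its own backups and nothing else.

```python
"""Default-deny, scoped, time-bounded authorization (added illustration).

Identity, action and resource names below are constructed for the example.
"""
from __future__ import annotations

import posixpath
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional


@dataclass(frozen=True)
class Grant:
    principal: str               # user or service identity the grant belongs to
    action: str                  # one specific capability, e.g. "backup:write"
    resource: str                # glob over resource paths, e.g. "backups/alice/*"
    expires_at: Optional[float]  # None = standing grant; else absolute time (seconds)


class Authorizer:
    """Every request is denied unless a live grant matches principal, action and resource."""

    def __init__(self) -> None:
        self._grants: set[Grant] = set()

    def grant(self, principal: str, action: str, resource: str,
              *, ttl: Optional[float] = None, now: float = 0.0) -> Grant:
        """Add a grant; with a ttl it expires on its own (just-in-time access)."""
        g = Grant(principal, action, resource, None if ttl is None else now + ttl)
        self._grants.add(g)
        return g

    def revoke(self, grant: Grant) -> None:
        """Explicit revocation, for when access is no longer needed before it expires."""
        self._grants.discard(grant)

    def is_allowed(self, principal: str, action: str, resource: str, now: float) -> bool:
        # Normalize the path first so "backups/alice/../bob/x" cannot slip past a
        # glob that was only meant to cover backups/alice/.
        resource = posixpath.normpath(resource)
        for g in self._grants:
            if g.principal != principal or g.action != action:
                continue
            if g.expires_at is not None and now >= g.expires_at:
                continue  # expired grants are dead even if nobody purged them yet
            if fnmatchcase(resource, g.resource):
                return True
        return False  # default deny: no matching grant means no access


def backup_account_demo() -> dict:
    """The article's backup account: may write under its own prefix, nothing more."""
    az = Authorizer()
    az.grant("svc-backup-alice", "backup:write", "backups/alice/*")
    now = 1_000.0
    return {
        "write_own": az.is_allowed("svc-backup-alice", "backup:write", "backups/alice/2024-05-01.tar", now),
        "read_own": az.is_allowed("svc-backup-alice", "backup:read", "backups/alice/2024-05-01.tar", now),
        "write_other": az.is_allowed("svc-backup-alice", "backup:write", "backups/bob/x.tar", now),
        "traversal": az.is_allowed("svc-backup-alice", "backup:write", "backups/alice/../bob/x.tar", now),
        "install": az.is_allowed("svc-backup-alice", "pkg:install", "host/*", now),
    }


def just_in_time_demo() -> tuple:
    """Access granted only while needed: a 15-minute read grant, then revoked/expired."""
    az = Authorizer()
    g = az.grant("alice", "backup:read", "backups/alice/*", ttl=900, now=0.0)
    during = az.is_allowed("alice", "backup:read", "backups/alice/x.tar", now=600.0)
    after = az.is_allowed("alice", "backup:read", "backups/alice/x.tar", now=1200.0)
    az.revoke(g)  # explicit cleanup; the grant was already dead at now=1200
    return during, after


if __name__ == "__main__":
    print(backup_account_demo())
    print(just_in_time_demo())
```

The two design choices worth copying into a real system are the default-deny fall-through (an unknown action or resource is never implicitly allowed) and the path normalization before glob matching; without the latter a grant scoped to one directory quietly covers its siblings.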
Attackers are well aware that many enterprises integrate third-party applications and services with internal systems, and they study those applications and their integrations to look for security flaws. Once a flaw is found and exploited, the attacker inherits whatever access the integration was granted, which may include internal data. PoLP restricts the level of access that third-party applications and their service identities are given, so a compromised integration exposes far less.