Ensure that between two and four global admins are designated - Microsoft 365

Explained: Ensure that between two and four global admins are designated - Microsoft 365

It's recommended to designate more than one global administrator to facilitate monitoring and ensure redundancy in case a single admin leaves the organization. Additionally, each tenant should have no more than four global administrators. Ideally, global administrators should have no licenses assigned to them.

Why Ensure that between two and four global admins are designated - Microsoft 365?

Having only one global tenant administrator increases the risk of undetected malicious activity. Conversely, having numerous global tenant administrators increases the likelihood of a successful breach by an external attacker. Therefore, it's essential to strike a balance by designating more than one but no more than four global tenant administrators.

Which Microsoft License Is This Recommended For?

This security setting is recommended for atleast E3 Level 1 which aims to be practical and sensible, Offer a distinct security advantage, and does not inhibit the functionality of the technology beyond acceptable means.

How to Ensure that between two and four global admins are designated - Microsoft 365:

To create a new Global Admin:

1. Go to the Microsoft 365 admin center at https://admin.microsoft.com
2. Navigate to Users > Active Users.
3. Select the user's name (A window will appear on the right)
4. Select "Manage roles."
5. Choose "Admin center access."
6. Check "Global Administrator."
7. Click "Save changes."

1. Go to the Microsoft 365 admin center at https://admin.microsoft.com
2. Navigate to Users > Active Users.
3. Select the user's name (A window will appear on the right)
4. Select "Manage roles."
5. Choose "Admin center access."
6. UnCheck "Global Administrator."
7. Click "Save changes."

What business impact does the security best practice "Ensure that between two and four global admins are designated - Microsoft 365" have?

The potential impact of ensuring compliance with this requirement varies based on the current number of global administrators configured in the tenant. If there is only one global administrator in a tenant, identifying and configuring an additional global administrator will be necessary. If there are more than four global administrators, a review of role requirements for current global administrators will be needed to identify which users truly require global administrator access.

How to verify the security best practice "Ensure that between two and four global admins are designated - Microsoft 365" has been implemented:

To ensure that between two and four global admins are designated:

1. Go to the Microsoft 365 admin center at https://admin.microsoft.com
2. Navigate to Users > Active Users.
3. Click on "Filter" then select "Global Admins."
4. Review the list of Global Admins to confirm that there are between two to four such accounts.