Sunday, July 02, 2017

Protecting your Office 365 Global Administrator accounts

Office 365 is now globally adopted to drive productivity across the Organization. As more and more features are added to the service, managing each of them requires different level of Admin access and handled by different teams across the IT Organization. Global Administrator Account is the Prime account that has the ability to manage your entire tenant and requires enhanced security.



In today's world Phishing attacks and Security breaches occurs every minute causing drastic impact to business, Having a safe environment without compromising Information Security and data protection is the priority for all Organisations. 

This post is written to point you to the Microsoft support article available that outlines the guidelines for Protecting your Office 365 Global Administrator accounts effectively.

To better protect your Office 365 subscription from attack, you must do the following right now:
  • Create dedicated Office 365 global administrator accounts and use them only when necessary.
  • Configure multi-factor authentication for your dedicated Office 365 global administrator accounts and use the strongest form of secondary authentication.
  • Enable and configure Advanced Security Management to monitor for suspicious global administrator account activity.

As  a best practice always limit the Number of Admin accounts in your tenant, not just limited to Global Admins, and also having your Admin users use their Admin Role access only when required limits the Risk. Keep track of your Admin accounts and ensure that proper Life cycle management is in place to review the usage of Admin roles.


If your Organization has already adopted Microsoft Enterprise Mobility and Security ( EMS E5) or Azure AD premium (Premium P2) you can take the advantage of "Azure AD Privileged Identity Management" to take care of the fore said best practices at ease.

You can review more information here: Start using Azure AD Privileged Identity Management

Having Just in time Admin access , Central Administration of managing Admin Roles and usage reporting etc. ensures your  Office 365 Admin accounts are more secure.

Additionally review the Security Best practices for Office 365 support article to keep your Office 365 Organization more secure for your users.

No comments:

Post a comment