Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: ERROR
- CIS: -
This Customer Check verifies via Secure Score if there are administrators with limited roles in the tenant.
Why this check?
By providing users with limited administrator roles, they can be given exactly the permissions needed for a specific task. For example, there are standard roles for Password Administrator or an Exchange Administrator. By using these, there is less reason to grant global admin rights to users, thereby reducing the risk of errors and breaches.
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: Users with limited administrator roles exist in the tenant
- Warning: No users with limited administrator roles exist in the tenant yet
How should this be followed up?
If the output is Warning , we advise providing administrators with specific tasks with limited administrator roles.
Built-in roles of Azure AD-Azure Active Directory | Microsoft Docs
Comments
0 comments
Please sign in to leave a comment.