Admins can have access to much of customer and employee data. MFA makes users use a second method of identification to verify their identity. It's actually a good idea to require MFA for all of your users, but admins should definitely be required to use MFA to sign in. Require multi-factor authentication for admins For example, if you want someone to reset employee passwords you shouldn't assign the unlimited global admin role, you should assign a limited admin role, like Password admin or Helpdesk admin. Therefore, we recommend you have at least either one more Global Admin or a Privileged Authentication Admin in the event a Global Admin locks their account.Īssigning the least permissive role means giving admins only the access they need to get the job done. Either another Global Admin or a Privileged Authentication Admin can reset a Global Admin's password. A Global Admin may inadvertently lock their account and require a password reset. We recommend you limit the number of Global Admins as much as possible. Global Admins have almost unlimited access to your organization's settings and most of its data. Security guidelines for assigning rolesīecause admins have access to sensitive data and files, we recommend that you follow these guidelines to keep your organization's data more secure. However, these roles are a subset of the roles available in the Azure AD portal and the Intune admin center.įor the full list of detailed Azure AD role descriptions you can manage in the Microsoft 365 admin center, check out Administrator role permissions in the Azure AD built-in roles topic.įor the full list of detailed Intune role descriptions you can manage in the Microsoft 365 admin center, check out Role-based access control (RBAC) with Microsoft Intune.įor more information on assigning roles in the Microsoft 365 admin center, see Assign admin roles. The Microsoft 365 admin center lets you manage Azure AD roles and Microsoft Intune roles. ![]() The user's details appear in the right dialog box. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |