The Misconception With Global Admins


Quyền hạn Global Admin trong Active Directory trên hệ thống Cloud Azure

Image result for microsoft azure

Microsoft are continuing to break out the roles in Azure Active Directory to help isolate “roles” and grant least privilege access. Although they aren’t quite there yet, it should be rare that you would need to grant global admin rights to an account.

Microsoft recommend that you limit GAs as much as you can and instead look to use designated roles. This excludes the two emergency accounts which should be setup should AAD fail.

Recently, I’ve seen an increase in posts and tweets about some misconception around Global Admins and Azure RBAC. Two main topics being:

  • Thinking that Azure Active Directory Roles are the same as Azure RBAC (Infra).
  • Comparing Global Admins to Domain Admins

Thinking that Azure Active Directory Roles are the same as Azure RBAC…

Let’s start with the two role-based access controls.

  • Azure AD Roles: Manage all your O365 suite and Azure AD integrated application/services. Think Sharepoint…

View original post 721 more words

Thank you so much

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s