SC-127473: Update to pass tenants with zero gobal admin role assignments
under review
P
Parth Ghetia
RE: Security Controls > Between two and four Global Administrators are designated (ispm/security_controls/127473)
This control is reported as non-compliant for M365 tenants we manage using a JIT privilege escalation process. Our process removes all global admin role assignments from managed tenants until they are needed and the escalation request is logged.
I recommend updating this control definition to allow tenants with zero Global Administrators to report as compliant for Partners that maintain this specific security posture.
S
Scott Riley
marked this post as
under review
Nice, OK I see what you're saying and thanks for bringing this up. We are looking at how to improve the fidelity of this Global Admin control tracking and PIM has been brought up there already. This is another good suggestion along those lines too. I'll raise this with the team! Thanks so much for checking out ISPM and for the feedback!