There’s a lot of debate around the need to separate Microsoft 365 administrator accounts, especially when controls such as Privileged Identity Management exist within an organization. However, even with PIM there are remaining security concerns which necessitate the operation of separate accounts. This article explains the importance of using separate accounts, details how to target different Conditional Access policies for admin and user accounts, and highlights how this approach strengthens your security posture and limits potential attack vectors against administrator accounts.
When performing a cost-benefit analysis of the Microsoft 365 E5 license for users in your organization, cost is usually the deciding factor, as the quality of the features is rarely disputed. However, there are some who argue that to maintain a “Better” Security and Compliance posture as suggested by Microsoft, some of these key security features should be made more widely accessible and affordable and therefore included in the E3 license structure. Microsoft MVP Peter Rising took his debate to Twitter, conducting a straw poll where the results show there is clearly an appetite for more choice when it comes to Microsoft 365 licensing.
Mike Parker explores how to get started with Privileged Identity Management in Azure AD and the benefits of using PIM.
How the Azure Active Directory baseline security policy enforces multi-factor authentication for privileged administrator accounts in Office 365 and Azure AD.
How to use Azure Active Directory conditional access policies to secure logins by accounts with privileged role permissions, such as enforcing multi-factor authentication for all Global Administrators.