Hybrid Identity Admin Questions

Microsoft strongly advises enabling Multi-Factor Authentication (MFA) for all privileged accounts, including the Hybrid Identity Administrator role. Within Privileged Identity Management (PIM), the recommended approach is to configure the role as Eligible rather than Permanent. This ensures that administrative access is granted only when required, thereby reducing standing privileges and enhancing overall security posture.

Microsoft Entra built-in roles - Microsoft Entra ID | Microsoft Learn

Privileged Identity Management documentation | Azure Docs