Forum Discussion
Protect confidential mailbox - Alert setting
Global Administrator can gain access to big boss mailbox by granting himself access to the mailbox or create email forwarding rule. One way to address this is to have security alert setting to noti...
Alerts hardly address anything, they're reactive. Then again, *nothing* you configure in O365 cannot prevent a GA that knows what he's doing from performing any task. If you assign someone as GA, you better be willing to take the risk and consequences.
Anyway, there are few ways to address this. First, you can create "exclusive" management scope, so that only certain people can ever make changes to a "big boss" mailbox: https://docs.microsoft.com/en-us/exchange/understanding-exclusive-scopes-exchange-2013-help
Alternatively, take a look at the Privileged Access Management functionality: https://docs.microsoft.com/en-us/microsoft-365/compliance/privileged-access-management-overview?view=o365-worldwide
Anyway, there are few ways to address this. First, you can create "exclusive" management scope, so that only certain people can ever make changes to a "big boss" mailbox: https://docs.microsoft.com/en-us/exchange/understanding-exclusive-scopes-exchange-2013-help
Alternatively, take a look at the Privileged Access Management functionality: https://docs.microsoft.com/en-us/microsoft-365/compliance/privileged-access-management-overview?view=o365-worldwide
PIM for the win.