Forum Discussion
Joshua Bines
May 14, 2020, Iron Contributor
Total Number of Global Administrators
Evening All, I'm trying to confirm how many PIM eligible global administrators can you have in a tenant? Is it still 4 or is that recommendation only for accounts with a perm GA role? Under what ...
PeterRising
May 14, 2020, MVP
The recommendation from Microsoft is to have no more than 4 dedicated GA accounts. However, as far as I know, there are no such guidelines for PIM-eligible GAs. This would make sense, as they only have the role on a just-in-time basis and are therefore less vulnerable.
This article may be of help - https://docs.microsoft.com/en-us/office365/enterprise/protect-your-global-administrator-accounts
Joshua Bines
May 15, 2020, Iron Contributor
I haven't found any guidance for this either, but it really depends on how you view the term 'dedicated'; for me it appears open to interpretation. PIM-eligible GA accounts can also be enabled for self-approval, and if you have a large number of PIM-eligible GAs, approvers might get into the habit of approving requests without a whole lot of thought. There are some risks here that orgs really need to work through... setting a limit for PIM-eligible GAs, I think, might help reduce this threat.
- PeterRising, May 15, 2020, MVP
Agreed. I would say that if you are going to have a significant number of PIM-eligible GAs, then requiring an approval process is really going to be essential.