cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Identifying Global Admins in MCAS?

Keith_Ch
Copper Contributor

‎Jun 20 2019 09:36 AM

‎Jun 20 2019 09:36 AM

Identifying Global Admins in MCAS?

Hi,

I'm looking to create a couple policies specifically around Global Admins, I'd like to identify two situations:

-When they change their passwords

-When they change their MFA settings

 

I was looking, and I see I can add an Azure AD account to MCAS to watch, but I don't see a way to add the Global Admin Directory role, anyone know how to do this, or have further insight into creating these policies?

1,399 Views
0 Likes
3 Replies
Reply
3 Replies
Gerson Levitz

‎Jun 23 2019 03:31 AM - edited ‎Jun 23 2019 03:34 AM

‎Jun 23 2019 03:31 AM - edited ‎Jun 23 2019 03:34 AM

Re: Identifying Global Admins in MCAS?

Hi @Keith_Ch 

 

By default there is a group "Office 365 (default) administrator" that includes the built in roles for AAD not just the Company Administrators.  

 

You can start here to create a query (then create a rule from the query) based on the activity you want to search for. 

image.png

 

When you click on a user you can see which groups  / roles they are a member of. 

image.png

 

 

This not exactly what you are looking for, so I will bring this feedback back to the team for evaluation. 

Best

Gershon

 

0 Likes
Reply
Keith_Ch

‎Jun 25 2019 11:37 PM

‎Jun 25 2019 11:37 PM

Re: Identifying Global Admins in MCAS?

@Gerson Levitz Thanks for the response, I'll see if I can get this working.

0 Likes
Reply
Keith_Ch

‎Jul 08 2019 02:27 PM

‎Jul 08 2019 02:27 PM

Re: Identifying Global Admins in MCAS?

@Gerson Levitz 

So I was playing with this and I realized two things, first I thought you meant I could do additional filtering based on a query, given the fact that group contains all the roles, not just admin I think what I'm trying to do would probably create too much noise.

 

I also realized that this is anytime a user changes a password, including both their own password, and other passwords. How would I specify only my own password? "Change user password." Basically, I want to make it so someone can't change their password if they're a global admin, they need the help of another global admin. So you need two administrators to change an administrator account password, or MFA settings.

0 Likes
Reply