A guest user was made global administrator, but was not done by our team

Valued Contributor

Hello Teams Community,


Please i need your help on this.


We have a guest user who was made global Administrator but it was not from our team.


1. I would like to know who added the guest user to the list of global administrators?

2. how is making someone a global admin the only possible way to manage subscriptions in the azure cloud

3. how is our O365 AD and azure cloud AD are connected with eachother?

3 Replies
best response confirmed by IBN (Valued Contributor)
Using Azure and AAD you can go to monitoring and audit logs to see who / when role was added, but it only goes back 30 days by default so unless it happened recently you won't see it.

Azure AD has always been connected to the tenant and the accompanying M365 instance. It's what powers all authentication etc. Azure subscriptions can be tied to the instance as well.
Thank you for your reply.

The user was created in our environment on “Feb 1st 2022” and was not given global admin privileges and there is no evidence of the same in Audit logs.

Kindly help us understand how this guest user got the role of Global administrator for our environment “XYZ 0365 AD when he is from”.
I suggest you contact Microsoft support. We aren’t going to be able to dig through every possible scenario here. But February 1st is more than 30 days so you would have a few week gap. It could be partner account could be other things. But support ticket is your best bet but if they don’t have access to additional logging then you’re not going to know.