Aug 20 2018 05:38 AM
Hi Folks ,
I guess I'm probably not the only person who has asked this question in this forum but I'm here for some advice . I've been asked to figure out a way to reduce the Office 365 global admin accounts in our PROD tenant . While I do understand that it depends on the organization itself and the workloads which the admins are managing I'd like to know if there's something specific which I can think of to reduce the count . I decided to knock off the service accounts which has global admin access which is being used to run some scheduled scripts ( I know having a service account with global admin access is a dumb thing to do but we just didn't have other alternatives ) . The admins in the tenant manage multiple workloads hence it's not possible to give them role specific access . We thought of RBAC but event that didn't help . I got this life saver called PIM (Privileged Identity Management ) but the architect team failed to onboard it .I know I have tried all the possibilities myself and since I'm left with none I'm here for some advice .
Aug 20 2018 05:43 AM
Hi Vignesh!
Perhaps not the answer you are looking for since it has been tried in your organization but I think Privileged Identity Management (PIM) is the solution you need in order to achieve what you are looking for.
Regards, Magnus
Aug 20 2018 08:31 PM