Forum Discussion
How to prevent Admin role from accessing another user mailbox?
Hello, Our management want to be assured that no other user have access to view another user mailbox items. The "other user" means of course someone with administrative rights from IT dept. I...
VasilMichev Thanks for your answer, i think that there should be an option to set more granual permissions to enable a scenario where you may create many very powerful admins (copies of global admin) without certain rights like access to other user mailboxes.
There's isn't. Everyone and anyone that has been granted a Global admin has all the keys to the kingdom. Period. This is why you keep the number of GAs to a minimum and only grant the role to people you fully trust.
And there isn't such thing as "copy of global admin", we cannot create custom Azure AD roles. We can put some controls in place (custom RBAC roles, exclusive scopes, PAM, etc), but again all of these can be overwritten by a GA.