InformationYou should review non-global administrator role group assignments at least every week.
While these roles are less powerful than a global admin, they do grant special privileges that can be used illicitly. If you see something unusual, contact the user to confirm it is a legitimate need.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
SolutionTo review non-global administrator role group assignments, use the Microsoft 365 Admin Center:
Go to Security.
Click on Audit then select Search.
Set Added member to Role and Removed a user from a directory role for Activities
Set Start Date and End Date.