5.11 Ensure non-global administrator role group assignments are reviewed at least weekly

Information

You should review non-global administrator role group assignments at least every week.

Rationale:

While these roles are less powerful than a global admin, they do grant special privileges that can be used illicitly. If you see something unusual, contact the user to confirm it is a legitimate need.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To review non-global administrator role group assignments, use the Microsoft 365 Admin Center:

Go to Security.

Click on Audit then select Search.

Set Added member to Role and Removed a user from a directory role for Activities

Set Start Date and End Date.

Click Search.

Review.

See Also

https://workbench.cisecurity.org/files/3729

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-6, 800-53|AU-6(1), 800-53|AU-7(1), CSCv7|6.2

Plugin: microsoft_azure

Control ID: 2337dffba509eac18eb35f50c82db5925d8129e7903115e282015a6aad644d2c