2.3.2 Ensure non-global administrator role group assignments are reviewed at least weekly

Information

Non-global administrator role group assignments should be reviewed at least every week.

Rationale:

While these roles are less powerful than a global admin, they do grant special privileges that can be used illicitly. If unusual activity is detected, contact the user to confirm it is a legitimate need.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To review non-global administrator role group assignments:

Navigate to Microsoft 365 Defender https://security.microsoft.com.

Click on Audit.

Set Added member to Role and Removed a user from a directory role for Activities.

Set Start Date and End Date.

Click Search.

Review.

See Also

https://workbench.cisecurity.org/benchmarks/12934

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-6, 800-53|AU-6(1), 800-53|AU-7(1), CSCv7|6.2

Plugin: microsoft_azure

Control ID: b8bce1fb7a4e02453cbd47397b5240627c5d908cc6007608b0eba595337b358c