I'm looking to enhance security for our M365 environment. We've created a Global Admin (GA) account for our small admin team (just three of us). I was planning to use my regular user account for most of my daily tasks like managing Microsoft Defender, handling the Admin Portal for licenses and accounts, and working in Intune. I've seen suggestions that it might be wise to have separate accounts—one for regular tasks and another specifically for handling Defender-related tasks. Is that the right approach, or is it sufficient to just have my regular user account along with the GA account?
2 Answers
Yeah, having separate accounts is definitely the way to go. It's standard practice to keep your admin tasks isolated to reduce exposure. If PIM isn’t an option due to your current setup, just make sure that your GA account is used only for the necessary admin functions and everything else can be done with your regular account.
It's generally recommended to use two separate accounts for M365 admins. You should have your normal user account for everyday tasks, like email and workstation access, and a different account with Global Admin privileges strictly for administrative tasks. This minimizes risk. Using Privileged Identity Management (PIM) is ideal, but if that's not feasible for you right now, just stick with two accounts for added security.
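A way to check the two-account split described in the answers, as an added example that is not part of either answer: this PowerShell sketch lists the users who currently hold Global Administrator and flags any that also look like a daily-use account. It assumes the Microsoft Graph PowerShell module is installed and read-only consent is granted; treating "has a mail address" as the sign of daily use is a heuristic chosen for this example, and role assignments that are only PIM-eligible are not listed by this call.

```powershell
# Added example: read-only audit of Global Administrator membership.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All'

# Well-known template ID of the built-in Global Administrator role.
$gaTemplateId = '62e90394-69f5-4237-9190-012177145e10'
$gaRole = Get-MgDirectoryRole -All | Where-Object { $_.RoleTemplateId -eq $gaTemplateId }

$report = foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $gaRole.Id -All) {
    # Members can also be groups or service principals; only users are checked here.
    if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }

    $user = Get-MgUser -UserId $member.Id `
        -Property 'displayName,userPrincipalName,mail,assignedLicenses'

    [pscustomobject]@{
        DisplayName       = $user.DisplayName
        UserPrincipalName = $user.UserPrincipalName
        HasMailAddress    = [bool]$user.Mail
        LicenceCount      = @($user.AssignedLicenses).Count
        # Heuristic (assumption of this example): a GA holder with a mail
        # address is probably also someone's everyday account.
        LooksLikeDailyUse = [bool]$user.Mail
    }
}

# Accounts that mix daily use and GA sort to the top.
$report | Sort-Object LooksLikeDailyUse -Descending | Format-Table -AutoSize

# A three-person team with one dedicated GA account should see a short list.
'{0} user account(s) hold Global Administrator' -f @($report).Count
```

A row with `LooksLikeDailyUse` set to `True` is a prompt to review the account, not proof of a problem; a licence count above zero can be legitimate on a dedicated admin account.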
