2.3.2 Ensure non-global administrator role group assignments are reviewed at least weekly

Information

Non-global administrator role group assignments should be reviewed at least every week.

Rationale:

While these roles are less powerful than a global admin, they do grant special privileges that can be used illicitly. If unusual activity is detected, contact the user to confirm it is a legitimate need.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To review non-global administrator role group assignments:

1. Navigate to Microsoft 365 Defender at https://security.microsoft.com.

2. Click on Audit.

3. For Activities, select "Added member to Role" and "Removed a user from a directory role".

4. Set Start Date and End Date.

5. Click Search.

6. Review the results.
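
The weekly review above can also be run over an exported copy of the audit search results. The following is an added example, not part of the benchmark or of the Nessus plugin. It assumes one JSON audit record per line with the fields Operation, CreationTime, UserId, ObjectId and a ModifiedProperties entry named Role.DisplayName; the operation strings and global role names are also assumptions to confirm against your own export, and the sample records are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumed Operation values in exported records; the portal labels these
# "Added member to Role" and "Removed a user from a directory role".
ROLE_OPS = {"add member to role": "added", "remove member from role": "removed"}
# Assumed display names of the global admin role (out of scope for this control).
GLOBAL_ROLES = {"global administrator", "company administrator"}

# Constructed sample records (one JSON document per line), not real tenant data.
SAMPLE = [
    '{"CreationTime":"2024-05-06T09:15:00","Operation":"Add member to role.","UserId":"admin@example.com","ObjectId":"alice@example.com","ModifiedProperties":[{"Name":"Role.DisplayName","NewValue":"Exchange Administrator","OldValue":""}]}',
    '{"CreationTime":"2024-05-07T10:00:00","Operation":"Add member to role.","UserId":"admin@example.com","ObjectId":"bob@example.com","ModifiedProperties":[{"Name":"Role.DisplayName","NewValue":"Global Administrator","OldValue":""}]}',
    '{"CreationTime":"2024-04-20T08:00:00","Operation":"Remove member from role.","UserId":"admin@example.com","ObjectId":"carol@example.com","ModifiedProperties":[{"Name":"Role.DisplayName","NewValue":"","OldValue":"Helpdesk Administrator"}]}',
    '{"CreationTime":"2024-05-03T14:30:00","Operation":"Remove member from role.","UserId":"admin@example.com","ObjectId":"dave@example.com","ModifiedProperties":[{"Name":"Role.DisplayName","NewValue":"","OldValue":"User Administrator"}]}',
    '{"CreationTime":"2024-05-07T11:00:00","Operation":"UserLoggedIn","UserId":"erin@example.com","ObjectId":"erin@example.com"}',
    "not json",
]

def role_name(record, action):
    """Role display name: NewValue on an add, OldValue on a removal."""
    key = "NewValue" if action == "added" else "OldValue"
    for prop in record.get("ModifiedProperties", []):
        if prop.get("Name") == "Role.DisplayName":
            return (prop.get(key) or "").strip('"')
    return ""

def weekly_role_changes(lines, now, days=7):
    """Return (date, action, role, target, actor) for non-global role changes in the window."""
    cutoff = now - timedelta(days=days)
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed rows instead of aborting the review
        action = ROLE_OPS.get(rec.get("Operation", "").rstrip(".").lower())
        if action is None:
            continue  # not a role membership change
        when = datetime.fromisoformat(rec["CreationTime"]).replace(tzinfo=timezone.utc)
        role = role_name(rec, action)
        if when < cutoff or role.lower() in GLOBAL_ROLES:
            continue  # outside the review window, or a global admin change
        findings.append((when.date().isoformat(), action, role, rec.get("ObjectId"), rec.get("UserId")))
    return sorted(findings)

if __name__ == "__main__":
    for row in weekly_role_changes(SAMPLE, datetime(2024, 5, 8, tzinfo=timezone.utc)):
        print(*row, sep=" | ")
```

Each returned row names the affected user and the account that made the change, which is the pair to follow up on when an assignment looks unusual.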

See Also

https://workbench.cisecurity.org/benchmarks/15279

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-6, 800-53|AU-6(1), 800-53|AU-7(1), CSCv7|6.2

Plugin: microsoft_azure

Control ID: 91d9b8eff0d2ed3593ef028214ea2da8a9390704815899b1dfa139a4fc41d347