Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

Best Practices for Configuring the Global Admin Account in Office 365


Use the following best practices to secure your Global Admin account in Microsoft Office 365.

  1. For maximum security, use the maximum allowed password length for your Global Admin accounts.
    NOTE: The maximum password length used to be 16 characters with no spaces. As of May 14, 2019, Azure Active Directory supports passwords of up to 256 characters, and they can contain spaces. An Azure AD password can be 8-256 characters long.
  2. Always create at least one additional Global Admin account as a backup. This account doesn’t need an Office 365 license.
  3. Instead of using the AdminName@YourDomain.com account as the Global Admin account, use the AdminName@YourDomain.onmicrosoft.com account and DO NOT assign any licenses to it.
  4. Don’t use your Global Admin account to do your daily tasks. Create a separate account for Global Admin. For example, Trisha@Contoso.com for daily activities and TrishaAdmin@Contoso.com for administrative duties.
  5. Create at least two emergency access accounts (also known as break glass accounts) that are meant to be used only during an emergency. Exclude the emergency accounts from all security policies and phone-based multi-factor authentication.
  6. Always configure a phone number and an alternative email address for your Global Admin account so they can be used for verification by Microsoft, if there’s a need.
  7. Limit the number of Global Admins in your organization to as few as possible. The rest of the administrators should be assigned a Customized administrator role, such as Billing administrator, Dynamics 365 service administrator, Exchange administrator, Password administrator, Skype for Business administrator, Power BI service administrator, Reports reader, Service administrator, SharePoint administrator, or User management administrator. Keep in mind that you can assign multiple roles to an individual.
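
One way to check items 2, 3, 6 and 7 against a live tenant, as an added example that is not part of the original article. It assumes the Microsoft Graph PowerShell SDK is installed, treats the Graph `otherMails` property as the alternative email address, and uses `$maxAdmins` as an illustrative review threshold rather than a number from the article.

```powershell
# Added example: audit Global Administrator role members against the checklist above.
# Assumption: Microsoft.Graph module installed; the signed-in user can read roles and users.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All'

# Well-known template ID of the built-in Global Administrator role.
$templateId = '62e90394-69f5-4237-9190-012177145e10'
$maxAdmins  = 5   # Assumption: review threshold chosen for this example only.

$role = Get-MgDirectoryRole -Filter "roleTemplateId eq '$templateId'"

# Role members can also be groups or service principals; keep user objects only.
$admins = @(
    Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
        Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
        ForEach-Object {
            Get-MgUser -UserId $_.Id `
                -Property 'userPrincipalName,assignedLicenses,otherMails,mobilePhone'
        }
)

$report = foreach ($u in $admins) {
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        # Item 3: the admin account should live in the onmicrosoft.com domain.
        OnMicrosoftUpn    = $u.UserPrincipalName -like '*.onmicrosoft.com'
        # Items 2 and 3: admin accounts should carry no license.
        Licensed          = [bool]$u.AssignedLicenses
        # Item 6: phone number and alternative email for verification.
        # Emergency access accounts (item 5) are expected to show no phone here.
        HasPhone          = -not [string]::IsNullOrWhiteSpace($u.MobilePhone)
        HasAlternateEmail = [bool]$u.OtherMails
    }
}

$report | Sort-Object UserPrincipalName | Format-Table -AutoSize

# Item 2: a backup Global Admin must exist. Item 7: keep the total small.
if ($admins.Count -lt 2) {
    Write-Warning "Only $($admins.Count) Global Admin account(s) found; no backup exists."
}
if ($admins.Count -gt $maxAdmins) {
    Write-Warning "$($admins.Count) Global Admins found; review against item 7."
}

# Accounts that break item 3 (licensed, or not on the onmicrosoft.com domain).
$report | Where-Object { $_.Licensed -or -not $_.OnMicrosoftUpn } |
    Select-Object UserPrincipalName, Licensed, OnMicrosoftUpn
```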

Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit ZubairAlexander.com for information on my professional background.

Copyright © 2019 SeattlePro Enterprises, LLC. All rights reserved.
