Why you should always use separate administrator accounts in Microsoft 365

Entra ID screenshot showing two users for same person.

Using your regular Microsoft 365 account as an administrator account is one of the most basic, most common, and most dangerous mistakes we see when working with Entra ID.

🏖️ Always having administrator access is quite comfortable when working as an IT admin. However, should your account be compromised, you are in trouble 🙅

This is why all accounts with administrator privileges – be it global admins 🌍 or other administrators – should always be separate accounts.

🤔 Why?
1. Separate admin accounts don’t need e-mail, and are typically less exposed than a regular user account. This makes these accounts much less prone to being compromised 🧱
2. Security by obscurity. Just finding these accounts is harder, adding an extra hurdle for those trying to gain access to your company 🕵️‍♀️

We recommend following a naming scheme for these accounts, for example by prefixing the user name with something short that indicates this is an admin account. Differentiating between global administrators and other levels of access in the prefix might be a good idea – preferably without spelling out “admin” or similar 😶
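As an added example (not code from this article), the PowerShell function below checks a list of accounts against the recommendations above: every account holding a directory role should carry an admin prefix that matches its privilege level, should not spell out "admin", and should have no mail address. The account records are constructed sample data and the `t0-`/`t1-` prefixes are a hypothetical naming scheme; in a real tenant you would feed it an export of your role members in the same shape.

```powershell
# Hypothetical naming scheme (assumption): t0- = global administrators, t1- = other admin roles.
$Scheme = @{ Global = 't0-'; Other = 't1-' }

# Constructed sample records, shaped like an export of users and the directory roles they hold.
$Accounts = @(
    [pscustomobject]@{ UserPrincipalName = 'kari@example.com';      Mail = 'kari@example.com';      Roles = @('Global Administrator') }
    [pscustomobject]@{ UserPrincipalName = 't0-kari@example.com';   Mail = $null;                   Roles = @('Global Administrator') }
    [pscustomobject]@{ UserPrincipalName = 't1-ola@example.com';    Mail = $null;                   Roles = @('Global Administrator') }
    [pscustomobject]@{ UserPrincipalName = 'admin-per@example.com'; Mail = 'admin-per@example.com'; Roles = @('User Administrator') }
    [pscustomobject]@{ UserPrincipalName = 'ola@example.com';       Mail = 'ola@example.com';       Roles = @() }
)

function Test-AdminAccountHygiene {
    param(
        [Parameter(Mandatory)] [object[]]  $Account,
        [Parameter(Mandatory)] [hashtable] $Scheme
    )
    foreach ($a in $Account) {
        if (-not $a.Roles) { continue }   # no directory role: a regular account, nothing to check

        $name      = ($a.UserPrincipalName -split '@')[0]
        $expected  = if ($a.Roles -contains 'Global Administrator') { $Scheme.Global } else { $Scheme.Other }
        $hasPrefix = @($Scheme.Values | Where-Object { $name -like "$_*" }).Count -gt 0

        $findings = @()
        if (-not $hasPrefix) {
            $findings += 'holds a role but has no admin prefix (daily-use account?)'
        } elseif ($name -notlike "$expected*") {
            $findings += "prefix does not match privilege level (expected $expected)"
        }
        if ($name -match 'admin') { $findings += 'user name spells out "admin"' }
        if ($a.Mail)              { $findings += 'has a mail address' }

        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                Account  = $a.UserPrincipalName
                Roles    = $a.Roles -join ', '
                Findings = $findings -join '; '
            }
        }
    }
}

Test-AdminAccountHygiene -Account $Accounts -Scheme $Scheme | Format-List
```

With the sample data, `kari`, `t1-ola` and `admin-per` are reported, while `t0-kari` passes and `ola` is skipped because it holds no role.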

💵 And there is no need to worry about increased license cost, since the Entra ID license is per human, not account.

Caveats

– You have to switch user when performing tasks requiring admin access. In practice this is not a big deal. Use a separate profile in your browser for this account, so you don’t even have to log out of your regular account. Make sure you create a shortcut to this profile to make it easily accessible.

To read more on how to secure these administrator accounts further, take a look at this article on Privileged Identity Management (PIM). And if you just want to see all your privileged accounts, see this article for an easy tutorial.

If you want a simpler way to get an overview of all your administrator accounts, or just want help securing your Microsoft 365 tenant, take a look at our Proactive Security Monitoring service 😇
