Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,465 questions
Perhaps:
Service Principals CloudConsoleGrapApi with Global Admin role
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 75%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AH
25
Reputation points
Hi,
I'm doing review on Microsoft Entra and notice several service principals named "CloudConsoleGrapApi" with Global Administrator role. Looking at their activity but found nothing for months.
Any idea what are these service principals and how they end up having Global Admin role?
Thank you in advance.
2 answers
Sort by: Most helpful
-
Andy David - MVP 144.8K Reputation points MVP2024-07-15T20:28:05.65+00:00 -
AH 25 Reputation points
2024-07-15T20:42:02.81+00:00 Thank you for the link, but it seems to have no useful information.
Sign in to comment -
-
Luis Arias 5,981 Reputation points2024-07-15T20:53:45.5033333+00:00 Hi AH,
It looks like you have an third party integration that is causing that Service Principal creation with that specific role I suggest to check the activity log for the account that have the Global Administrator role because only with that role you can assign that high privileged role.
References:
- https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/assign-admin-roles?view=o365-worldwide
- https://learn.microsoft.com/en-us/answers/questions/1458056/i-see-a-few-enterprise-applications-named-cloudcon
- https://www.reddit.com/r/AZURE/comments/141f5y0/service_principal_accounts_with_admin_rights/
If the information helped address your question, please Accept the answer.
Luis