25,254 questions
IIRC, all global admins are added as owners to the "All Company" group, which is done by an automated background process. I can confirm the same behavior is some of my test tenants, so it's nothing to worry about.
Account was added as owner to a group by Viva Engage?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 76%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
JvD
20
Reputation points
We were alerted to a change being done on the Entra user database for the breakglass accounts we created dated the 10th of December, which had those breakglass accounts added as an owner to a group. The group seems to apparently be the Viva Engage (yammer) group of what I've found, tho the audit log only lists the group ID, and leaves the displayname and user principal name completely empty.
Said group is not listed in EntraID that I could see, so unsure what it actually is. If I track the Object ID as a group, I end up with a group 'All Company'...which is also one I see popping up in Viva Engage if I actually look at that for management at https://engage.cloud.microsoft/.
Looking at the owners for the group, I find basically all high-level admins existing in EntraID have been added as owner to that group.
Looking at the audit logs, it's shown the actor initiating this change is listed as 'Viva Engage', which is listed as an 'application'.
We're not actively doing anything to implement Viva Engage, nor have we actually done anything with it.
While the membership as an owner isn't really a bad thing for the users, we're puzzled as to where this change came from and who (or what) initiated it and why.
At this point we're thinking it's a change Microsoft has done to provide for further changes made to their Viva Engage thing which may require that right in the future, but we're lookin to get some confirmation of that change actually originating at Microsoft.
Is anyone willing to hazard a guess here, or point me at portions I might look at for more information?
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft 365 and Office | Microsoft Viva | Other
93 questions
Microsoft Teams | Microsoft Teams for business | Other
11,002 questions
Accepted answer
-
Vasil Michev 119.9K Reputation points MVP Volunteer Moderator2024-12-16T17:10:51.12+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2024-12-17T01:24:38.2033333+00:00 Hi @JvD
If the reply is helpful to you, please try to mark it as an answer to help others who encounter the same issue could read this thread. Thank you for your understanding and patience!
-
JvD 20 Reputation points
2024-12-17T08:06:11.98+00:00 Thanks... Helps to inform the CSO of the change. Would've been nice to have a headsup about the change from Microsoft so it wouldn't just 'drop' out of nowhere. Then again, I might have missed it in the mails they're sending out.
Sign in to comment -