Global Administrator access in multi-tenant architecture

Atrey Dad 41 Reputation points
2022-05-09T10:28:33.037+00:00

In a multi-tenant architecture in Azure, do global administrator have access to resources/administrative features of all the tenants or one tenant only ?
In case it has access to multiple tenants, does it possess some security concern ?
In case it has access to single tenant only, are there multiple global administrator ?

Thanks in Advance.

Azure Migrate
Azure Migrate
A central hub of Azure cloud migration services and tools to discover, assess, and migrate workloads to the cloud.
751 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,530 questions
0 comments No comments
{count} votes

Accepted answer
  1. Alan Kinane 16,811 Reputation points MVP
    2022-05-09T10:40:19.77+00:00

    A global admin is per tenant, so you would need to manage multiple global admin users per tenant for full global admin privileges to each tenant.

    However, there are ways that you can manage multiple tenants with varying levels of permissions through delegated admin privileges and M365 Lighthouse and Azure Lighthouse. These use a single identity to provide administrative access to other tenants so it would be very important to secure these accounts.

    Here's some links for further reading:

    https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide

    https://learn.microsoft.com/en-us/microsoft-365/lighthouse/m365-lighthouse-overview?view=o365-worldwide

    https://azure.microsoft.com/en-us/services/azure-lighthouse/#overview

    4 people found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful