Share via

Global Administrator access in multi-tenant architecture

Atrey Dad 41 Reputation points
2022-05-09T10:28:33.037+00:00

In a multi-tenant architecture in Azure, do global administrator have access to resources/administrative features of all the tenants or one tenant only ?
In case it has access to multiple tenants, does it possess some security concern ?
In case it has access to single tenant only, are there multiple global administrator ?

Thanks in Advance.

Azure Migrate
Azure Migrate
A central hub of Azure cloud migration services and tools to discover, assess, and migrate workloads to the cloud.
928 questions
Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. Alan Kinane 16,951 Reputation points MVP Volunteer Moderator
    2022-05-09T10:40:19.77+00:00

    A global admin is per tenant, so you would need to manage multiple global admin users per tenant for full global admin privileges to each tenant.

    However, there are ways that you can manage multiple tenants with varying levels of permissions through delegated admin privileges and M365 Lighthouse and Azure Lighthouse. These use a single identity to provide administrative access to other tenants so it would be very important to secure these accounts.

    Here's some links for further reading:

    https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide

    https://learn.microsoft.com/en-us/microsoft-365/lighthouse/m365-lighthouse-overview?view=o365-worldwide

    https://azure.microsoft.com/en-us/services/azure-lighthouse/#overview

    4 people found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.