View privileged role assignments in your organization

The Microsoft Entra Insights tab shows you who is assigned to privileged roles in your organization. You can review a list of identities assigned to a privileged role and learn more about each identity.

Note

Microsoft recommends that you keep two break glass accounts permanently assigned to the Global Administrator role. Make sure that these accounts don't require the same multi-factor authentication mechanism to sign in as other administrative accounts. This is described further in Manage emergency access accounts in Microsoft Entra.

Microsoft recommends that organizations have two cloud-only emergency access accounts permanently assigned the Global Administrator role. These accounts are highly privileged and aren't assigned to specific individuals. The accounts are limited to emergency or "break glass" scenarios where normal accounts can't be used or all other administrators are accidentally locked out. These accounts should be created following the emergency access account recommendations.

Note

Keep role assignments permanent if a user has an additional Microsoft account (for example, an account they use to sign in to Microsoft services like Skype or Outlook.com). If you require multi-factor authentication to activate a role assignment, a user with an additional Microsoft account will be locked out.

Prerequisite

To view information on the Microsoft Entra Insights tab, you must have Permissions Management Administrator role permissions.

View information in the Microsoft Entra Insights tab

1. From the Permissions Management home page, select the Microsoft Entra Insights tab.
2. Select Review global administrators to review the list of Global Administrator role assignments.
3. Select Review highly privileged roles or Review service principals to review information on principal role assignments for the following roles: Application Administrator, Cloud Application Administrator, Exchange Administrator, Intune Administrator, Privileged Role Administrator, SharePoint Administrator, Security Administrator, User Administrator.

Next steps

• For information about managing roles, policies and permissions requests in your organization, see View roles/policies and requests for permission in the Remediation dashboard.