The PIM Playbook for Securing Global Admin
Standing Global Administrator access is risky—think of it like staying logged in as root in Linux. Instead, use Microsoft Entra Privileged Identity Management (PIM) to grant Global Admin only when needed. By combining PIM with passkeys, authentication contexts, and Conditional Access, you can require phishing-resistant MFA and approval before anyone activates the role. This time-bound, approval-based model limits exposure, reduces risk, and keeps control in the right hands—without sacrificing agility.
How to enable passkeys in your Microsoft 365 tenant
Passkeys are phishing-resistant MFA method. Follow these steps to start using passkeys in your Microsoft 365 tenant today!
Managing Local Admin Rights on Entra-Joined Devices: 3 Practical Approaches
The goal is straightforward: Empower users to do their jobs while keeping company assets and data secure.
Achieving that goal, however, is rarely simple. It requires balancing usability with security, evaluating the threats your organization faces, and considering your unique risk tolerance, legal obligations, and compliance requirements.
Let’s look at 3 ways to manage local admin rights on users’ workstations.