question

AtreyDad-4388 avatar image
0 Votes"
AtreyDad-4388 asked AlanKinane answered

Global Administrator access in multi-tenant architecture

In a multi-tenant architecture in Azure, do global administrator have access to resources/administrative features of all the tenants or one tenant only ?
In case it has access to multiple tenants, does it possess some security concern ?
In case it has access to single tenant only, are there multiple global administrator ?


Thanks in Advance.

azure-migrateazure-ad-tenant
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

AlanKinane avatar image
2 Votes"
AlanKinane answered

A global admin is per tenant, so you would need to manage multiple global admin users per tenant for full global admin privileges to each tenant.

However, there are ways that you can manage multiple tenants with varying levels of permissions through delegated admin privileges and M365 Lighthouse and Azure Lighthouse. These use a single identity to provide administrative access to other tenants so it would be very important to secure these accounts.

Here's some links for further reading:

https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide

https://docs.microsoft.com/en-us/microsoft-365/lighthouse/m365-lighthouse-overview?view=o365-worldwide

https://azure.microsoft.com/en-us/services/azure-lighthouse/#overview

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.