Privileged Access Security Audit Checklist
Comprehensive checklist for auditing privileged access in Microsoft 365 and Entra ID. Use this for quarterly reviews or pre-audit preparation.
Prerequisites
- Global Reader or Security Reader role
- Access to Entra ID admin center
- PowerShell with Microsoft Graph module
Global Administrator Review
Audit all Global Administrator assignments.
Export list of all Global Admins and verify count.
Related: PA-01
Tips:
- Run: Get-MgDirectoryRole | Where-Object DisplayName -eq "Global Administrator" | ForEach-Object { Get-MgDirectoryRoleMember -DirectoryRoleId $_.Id }
Check authentication methods for each Global Admin.
Related: ID-01
Admins should not use their daily accounts for privileged access.
Related: PA-02
Identify any Global Admins with no recent activity.
Privileged Role Review
Audit all privileged role assignments beyond Global Admin.
Check that roles use eligible assignments, not permanent.
Related: PA-04
Document why each user needs their privileged role.
Identify users with more access than their job requires.
Emergency Access Review
Audit break-glass account configuration.
Check for properly configured emergency access accounts.
Related: PA-05
Verify accounts are excluded from all Conditional Access policies.
Check documentation for recent test of emergency access.
Verify alerts are configured for any break-glass account usage.
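The Conditional Access exclusion check in this section can be scripted. The following is an added example, not part of the original checklist: the function names, object IDs and sample policies are constructed, and the property names (DisplayName, State, Conditions.Users.ExcludeUsers, ExcludeGroups) follow the objects returned by Get-MgIdentityConditionalAccessPolicy.

```powershell
# Added example. IDs and sample policies are constructed placeholders.
function Get-PolicyMissingBreakGlassExclusion {
    param(
        [Parameter(Mandatory)] [object[]] $Policy,
        [Parameter(Mandatory)] [string[]] $BreakGlassUserId,
        # Assumption: each group listed here contains ALL break-glass accounts,
        # so excluding the group excludes every account.
        [string[]] $BreakGlassGroupId = @()
    )
    foreach ($p in $Policy) {
        $users = $p.Conditions.Users
        $viaGroup = @($users.ExcludeGroups | Where-Object { $_ -in $BreakGlassGroupId }).Count -gt 0
        if ($viaGroup) { continue }
        # Accounts not named in the policy's user exclusions
        $missing = @($BreakGlassUserId | Where-Object { $_ -notin $users.ExcludeUsers })
        if ($missing.Count -gt 0) {
            [pscustomobject]@{
                Policy  = $p.DisplayName
                State   = $p.State   # disabled and report-only policies are listed too
                Missing = $missing -join ', '
            }
        }
    }
}

# Constructed break-glass object IDs and policy objects shaped like Graph output
$bg = @('11111111-1111-1111-1111-111111111111', '22222222-2222-2222-2222-222222222222')
function New-SamplePolicy($Name, $State, $ExcludeUsers, $ExcludeGroups = @()) {
    [pscustomobject]@{ DisplayName = $Name; State = $State
        Conditions = [pscustomobject]@{ Users = [pscustomobject]@{
            ExcludeUsers = $ExcludeUsers; ExcludeGroups = $ExcludeGroups } } }
}
$sample = @(
    New-SamplePolicy 'Require MFA for admins' 'enabled' $bg
    New-SamplePolicy 'Block legacy authentication' 'enabled' @($bg[0])
    New-SamplePolicy 'Require compliant device' 'enabledForReportingButNotEnforced' @()
    New-SamplePolicy 'Block risky sign-ins' 'enabled' @() @('33333333-3333-3333-3333-333333333333')
)
Get-PolicyMissingBreakGlassExclusion -Policy $sample -BreakGlassUserId $bg `
    -BreakGlassGroupId '33333333-3333-3333-3333-333333333333' | Format-Table -AutoSize

# Against a tenant (Policy.Read.All), pass live policies instead of $sample:
#   -Policy (Get-MgIdentityConditionalAccessPolicy -All)
```

Each row is a policy where at least one break-glass account is not explicitly excluded, either directly or through a listed group.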
Service Account Review
Audit service accounts and managed identities.
List all service accounts with their purpose and owner.
Verify service accounts have minimum required permissions.
Verify appropriate authentication for service accounts.