GOV-07MediumRecommended Secure
Audit Privileged Role Assignments
Governance & Hygiene control for Microsoft 365 and Entra ID
Why This Control Matters
Privilege creep happens gradually. Without a baseline of who should have admin rights, you cannot detect unauthorized role assignments. Regular auditing ensures only authorized users retain privileged access.
Expected State
When this control is compliant, your tenant should meet these criteria:
- 1All privileged role assignments are documented
- 2A baseline of expected role holders exists
- 3Changes from baseline are detected and reviewed
Enforcement
Default Mode
Advisory
Alerts on deviations but does not make changes
Auto-Remediation
Manual Only
Creates baseline snapshot of privileged role assignments for drift detection
Ready to implement this control?
TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.