GOV-07: Audit Privileged Role Assignments

Frequently asked questions about implementing and managing the GOV-07 security control in Microsoft 365 and Entra ID.

Q
What is GOV-07 (Audit Privileged Role Assignments)?
A

GOV-07 is a security control that addresses privilege creep, which happens gradually. Without a baseline of who should have admin rights, you cannot detect unauthorized role assignments. Regular auditing ensures only authorized users retain privileged access. The control requires that all privileged role assignments are documented, that a baseline of expected role holders exists, and that changes from the baseline are detected and reviewed.

Related controls: GOV-07
Q
Why is Audit Privileged Role Assignments important for Microsoft 365 security?
A

Privilege creep happens gradually. Without a baseline of who should have admin rights, you cannot detect unauthorized role assignments. Regular auditing ensures only authorized users retain privileged access.

Q
How do I implement GOV-07 in my tenant?
A

GOV-07 requires manual implementation. The implementation creates a baseline snapshot of privileged role assignments, which is then used for drift detection.
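
One way to run the drift check against a baseline snapshot, as an added example (not TrueConfig's or Microsoft's code). It compares two exported lists of role assignments; the field names follow Microsoft Graph's unifiedRoleAssignment resource, and the snapshots and all IDs are constructed placeholders.

```python
import json

# Constructed snapshots. Field names follow Microsoft Graph's
# unifiedRoleAssignment resource; every ID is a made-up placeholder.
BASELINE_JSON = """[
 {"principalId": "user-alice", "roleDefinitionId": "role-global-admin", "directoryScopeId": "/"},
 {"principalId": "user-carol", "roleDefinitionId": "role-user-admin", "directoryScopeId": "/administrativeUnits/au-emea"},
 {"principalId": "user-dave", "roleDefinitionId": "role-helpdesk-admin", "directoryScopeId": "/"}
]"""
CURRENT_JSON = """[
 {"principalId": "user-alice", "roleDefinitionId": "role-global-admin", "directoryScopeId": "/"},
 {"principalId": "user-carol", "roleDefinitionId": "role-user-admin", "directoryScopeId": "/"},
 {"principalId": "sp-backup-app", "roleDefinitionId": "role-global-admin", "directoryScopeId": "/"}
]"""


def assignment_keys(snapshot_json):
    """Reduce a snapshot to a set of (principal, role, scope) tuples.

    Scope is part of the key: the same role moved from an administrative
    unit to tenant-wide ("/") is a privilege change, not a no-op.
    """
    return {
        (a["principalId"], a["roleDefinitionId"], a["directoryScopeId"])
        for a in json.loads(snapshot_json)
    }


def detect_drift(baseline_json, current_json):
    """Return assignments added to and removed from the baseline."""
    baseline = assignment_keys(baseline_json)
    current = assignment_keys(current_json)
    return {"added": sorted(current - baseline),
            "removed": sorted(baseline - current)}


def new_privileged_principals(baseline_json, current_json):
    """Principals holding a role now that held none in the baseline."""
    known = {p for p, _, _ in assignment_keys(baseline_json)}
    return sorted({p for p, _, _ in assignment_keys(current_json)} - known)


if __name__ == "__main__":
    drift = detect_drift(BASELINE_JSON, CURRENT_JSON)
    for change, rows in drift.items():
        for principal, role, scope in rows:
            print(f"{change.upper():8} {principal:14} {role:20} scope={scope}")
    print("New principals to review:",
          new_privileged_principals(BASELINE_JSON, CURRENT_JSON))
```

A widened scope shows up as one removed and one added entry for the same principal and role, which a comparison keyed only on principal and role would miss.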

Q
What license do I need for GOV-07?
A

This control can be implemented with any Microsoft 365 subscription, including free Azure AD.

Q
Which security baseline includes GOV-07?
A

GOV-07 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.
