Global Administrator
Azure AD role with unrestricted access to all administrative features in Microsoft 365 and Azure AD.
What is Global Administrator?
Global Administrator is the most powerful role in Azure AD—it can manage all aspects of the directory and all Microsoft 365 services. This role can assign any other role, access any mailbox, and modify any setting. Because of this power, it should be limited to 2-4 trusted individuals and protected with the strongest authentication requirements.
In Microsoft 365
Global Administrators can manage Conditional Access, PIM, applications, users, groups, and all M365 services. Microsoft recommends using least-privilege roles instead (User Administrator, Exchange Administrator, etc.) and implementing PIM for just-in-time Global Admin access.
Examples
- 1Creating Conditional Access policies
- 2Managing Azure AD roles
- 3Accessing any user mailbox
Related TrueConfig Controls
These controls help implement and verify global administrator in your Microsoft 365 environment.