πŸ“ Microsoft Entra ID Admin accounts are not used for daily operations 🟒

  • Contextual name: πŸ“ Admin accounts are not used for daily operations 🟒
  • ID: /ce/ca/azure/monitor/admin-accounts-for-daily-operations
  • Located in: πŸ“ Azure Monitor

Our Metadata

  • Policy Type: COMPLIANCE_POLICY
  • Policy Category:
    • SECURITY

Description

Microsoft Azure admin accounts should not be used for routine, non-administrative tasks.

Rationale

Using admin accounts for daily operations increases the risk of accidental misconfigurations and security breaches.

Impact

Expect minor administrative overhead: managing separate accounts, enforcing stricter access controls, and potential licensing costs for advanced security features.

Audit

From Azure Portal
Monitor
  1. Go to Monitor.
  2. Click Activity log.
  3. Review the activity log and ensure that admin accounts are not being used for daily operations.
Microsoft Entra ID
  1. Go to Microsoft Entra ID.
  2. Under Monitoring, click Sign-in logs.
  3. Review the sign-in logs and ensure that admin accounts are not being accessed more frequently than necessary.
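
The sign-in log review in step 3 can be scripted over an exported log. The following Python is an added example, not part of this policy's own files; it reads records that use the Microsoft Graph signIn field names `userPrincipalName`, `appDisplayName` and `createdDateTime`. The admin account list, the set of "daily operations" apps, the active-day threshold and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumptions (not from the policy page): the admin account list, the set of
# "daily operations" apps and the active-day threshold are chosen by the auditor.
ADMIN_UPNS = {"adm-alice@contoso.example", "adm-bob@contoso.example"}
DAILY_APPS = {"Office 365 Exchange Online", "Microsoft Teams"}
MAX_ACTIVE_DAYS = 3

def _rec(upn, app, day):
    # Builds one constructed sign-in record with the three fields the audit reads.
    return {"userPrincipalName": upn, "appDisplayName": app,
            "createdDateTime": f"2025-03-{day:02d}T08:15:00Z"}

# Constructed sample export: one over-used admin, one quiet admin, one normal user.
SAMPLE_SIGNINS = (
    [_rec("adm-alice@contoso.example", "Azure Portal", d) for d in (3, 4, 5, 6, 7)]
    + [_rec("ADM-Alice@contoso.example", "Office 365 Exchange Online", 5),
       _rec("adm-bob@contoso.example", "Azure Portal", 4),
       _rec("carol@contoso.example", "Microsoft Teams", 4)]
)

def audit_admin_signins(signins, admin_upns=ADMIN_UPNS, daily_apps=DAILY_APPS,
                        max_active_days=MAX_ACTIVE_DAYS):
    """Return {admin_upn: [reasons]} for admin accounts that look like daily-use accounts."""
    admins = {u.lower() for u in admin_upns}
    active_days, apps_used = defaultdict(set), defaultdict(set)
    for rec in signins:
        upn = rec["userPrincipalName"].lower()  # UPN comparison is case-insensitive
        if upn not in admins:
            continue
        ts = datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))
        active_days[upn].add(ts.date())
        if rec["appDisplayName"] in daily_apps:
            apps_used[upn].add(rec["appDisplayName"])
    findings = {}
    for upn in sorted(admins):
        reasons = []
        if len(active_days[upn]) > max_active_days:
            reasons.append(f"signed in on {len(active_days[upn])} distinct days")
        if apps_used[upn]:
            reasons.append("used daily-operations apps: " + ", ".join(sorted(apps_used[upn])))
        if reasons:
            findings[upn] = reasons
    return findings

if __name__ == "__main__":
    for upn, reasons in audit_admin_signins(SAMPLE_SIGNINS).items():
        print(upn, "->", "; ".join(reasons))
```

A flagged account is a prompt for manual review, since this control is assessed manually and a legitimate change window can also produce sign-ins on consecutive days.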

References

  1. https://learn.microsoft.com/en-us/security/privileged-access-workstations/critical-impact-accounts

Remediation

If admin accounts are being used for daily operations, consider the following:

  • Monitor and alert on unusual activity.
  • Enforce the principle of least privilege.
  • Revoke any unnecessary administrative access.
  • Use Conditional Access to limit access to resources.
  • Ensure that administrators have separate admin and user accounts.
  • Use Microsoft Entra ID Protection to detect, investigate, and remediate identity-based risks.
  • Use Privileged Identity Management (PIM) in Microsoft Entra ID to limit standing administrator access to privileged roles, discover who has access, and review privileged access.

Linked Framework Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 CIS Azure v4.0.0 → 💼 6.3.1 Ensure that Azure admin accounts are not used for daily operations (Manual) 1
💼 Cloudaware Framework → 💼 User Account Management 17