User activation of other highly privileged roles SHOULD trigger an alert.

Why This Matters

Privileged role activations in Microsoft Entra ID can indicate either legitimate administrative activity or a potential security breach. When highly privileged roles like Global Administrator or Privileged Role Administrator are activated without proper alerting, an attacker could silently escalate their access and move laterally across your tenant. Without automated alerts, your security team remains blind to these critical events, increasing the risk of undetected compromise.

What Aether365 Checks

Aether365 verifies that your tenant has an alert configured to trigger when a user activates any highly privileged role in Microsoft Entra ID. This check appears in the Aether365 dashboard under the Entra ID checks section.