Ensure approval is required for Global Administrator role activation
Why This Matters
Without requiring approval for Global Administrator activation, any eligible user could gain this highly privileged role without oversight. This creates a blind spot where malicious or accidental privilege escalation could go undetected. Mandating approval ensures that at least two trusted approvers review every activation request, reducing the risk of unauthorized administrative access.
What Aether365 Checks
This check verifies that the Global Administrator role in Microsoft Entra ID has the "Require approval to activate" setting enabled within Privileged Identity Management (PIM). You can find this check in the Aether365 dashboard under entra-id checks.
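One way to evaluate this setting from the role's PIM policy rules as Microsoft Graph returns them, shown as an added example that is not Aether365's own implementation. The sample policy and its placeholder user IDs are constructed, and check_activation_approval is a hypothetical helper name.

```python
# Added example, not Aether365's code. Rule and field names follow Microsoft
# Graph's unifiedRoleManagementPolicyApprovalRule; the policy itself would come
# from GET /policies/roleManagementPolicyAssignments with
# $expand=policy($expand=rules), filtered to the Global Administrator role.
APPROVAL_RULE_ID = "Approval_EndUser_Assignment"

# Constructed sample policy; the user IDs are placeholders.
SAMPLE_POLICY = {
    "rules": [
        {"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
         "id": "Enablement_EndUser_Assignment",
         "enabledRules": ["MultiFactorAuthentication", "Justification"]},
        {"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
         "id": APPROVAL_RULE_ID,
         "setting": {
             "isApprovalRequired": True,
             "approvalStages": [{"primaryApprovers": [
                 {"@odata.type": "#microsoft.graph.singleUser",
                  "userId": "00000000-0000-0000-0000-000000000001"},
                 {"@odata.type": "#microsoft.graph.singleUser",
                  "userId": "00000000-0000-0000-0000-000000000002"},
             ]}],
         }},
    ]
}


def check_activation_approval(policy):
    """Evaluate 'Require approval to activate' from a policy's rules."""
    rule = next((r for r in policy.get("rules", [])
                 if r.get("id") == APPROVAL_RULE_ID), None)
    if rule is None:
        return {"passed": False, "approvers": 0, "reason": "approval rule missing"}
    setting = rule.get("setting") or {}
    # Count distinct named approvers (users or groups) across all stages.
    approvers = {a.get("userId") or a.get("groupId")
                 for stage in setting.get("approvalStages") or []
                 for a in stage.get("primaryApprovers") or []}
    approvers.discard(None)
    if not setting.get("isApprovalRequired", False):
        return {"passed": False, "approvers": len(approvers),
                "reason": "approval not required to activate"}
    return {"passed": True, "approvers": len(approvers), "reason": "approval required"}


if __name__ == "__main__":
    print(check_activation_approval(SAMPLE_POLICY))
```

The approver count is reported separately from the pass/fail result so it can be compared against the number of approvers your organization expects; a group entry counts once regardless of its membership.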