Ensure Administrative accounts are separate and cloud-only
Why This Matters
Administrative accounts pose a significant security risk because they have elevated access to sensitive data, users, and settings across your Microsoft 365 environment. Using regular user accounts for admin tasks or syncing admin accounts from on-premises Active Directory increases your attack surface and creates risk of cross-environment compromise. Separate cloud-only admin accounts ensure that a breach in one environment does not spread to the other and enable full use of Microsoft 365 security services like Identity Protection, Privileged Identity Management (PIM), and Conditional Access.
What Aether365 Checks
Aether365 verifies that all administrative accounts in Microsoft Entra ID are cloud-only, meaning they are not synchronized from on-premises Active Directory. This check appears in the Aether365 dashboard under the entra-id section.
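An equivalent check can be run by hand over role-membership data, shown here as an added example that is not Aether365's own code. The sample data is constructed: the per-member fields mirror Microsoft Graph directory objects (`@odata.type`, `userPrincipalName`, `onPremisesSyncEnabled`), while the grouping by role name and the function name `audit_admin_accounts` are assumptions of this example.

```python
# Added example: flag admin-role members that are synced from on-premises AD.
# ROLE_MEMBERS is constructed sample data (hypothetical tenant and accounts).
USER = "#microsoft.graph.user"
ROLE_MEMBERS = {
    "Global Administrator": [
        {"@odata.type": USER, "id": "u1",
         "userPrincipalName": "adm-alice@contoso.onmicrosoft.com",
         "onPremisesSyncEnabled": None},    # never synced: cloud-only
        {"@odata.type": USER, "id": "u2",
         "userPrincipalName": "bob@contoso.com",
         "onPremisesSyncEnabled": True},    # currently synced from on-prem AD
    ],
    "Exchange Administrator": [
        {"@odata.type": USER, "id": "u2",
         "userPrincipalName": "bob@contoso.com",
         "onPremisesSyncEnabled": True},    # same synced account, second role
        {"@odata.type": USER, "id": "u3",
         "userPrincipalName": "adm-carol@contoso.onmicrosoft.com",
         "onPremisesSyncEnabled": False},   # not being synced
        {"@odata.type": "#microsoft.graph.group", "id": "g1",
         "displayName": "Tier0-Admins"},    # group holding the role
    ],
}


def audit_admin_accounts(role_members):
    """Return (synced, unresolved).

    synced: UPN -> sorted role names, for users currently synced from on-prem.
    unresolved: (role, name) for non-user members (groups, service principals)
    whose own membership has to be reviewed separately.
    """
    synced, unresolved = {}, []
    for role, members in role_members.items():
        for m in members:
            if m.get("@odata.type") != USER:
                unresolved.append((role, m.get("displayName", m["id"])))
                continue
            # Only an explicit True means "currently synced"; a null value is
            # what a never-synced account reports, so it must not be flagged.
            if m.get("onPremisesSyncEnabled") is True:
                synced.setdefault(m["userPrincipalName"], set()).add(role)
    return {upn: sorted(roles) for upn, roles in synced.items()}, unresolved


if __name__ == "__main__":
    synced, unresolved = audit_admin_accounts(ROLE_MEMBERS)
    for upn, roles in synced.items():
        print(f"FAIL   {upn}: synced from on-premises, holds {', '.join(roles)}")
    for role, name in unresolved:
        print(f"REVIEW {name} in {role}: not a user object, check its members")
```

Treating a missing or null `onPremisesSyncEnabled` as "synced" would flag every never-synced admin account, and skipping non-user members would hide admins who hold a role through a group.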
How to Fix
To ensure administrative accounts are separate and cloud-only, follow these steps: