Ensure approval is required for Privileged Role Administrator activation
Why This Matters
The Privileged Role Administrator role can manage assignments for all Microsoft Entra roles, including Global Administrator. Without requiring approval for activation, a compromised account assigned to this role could silently elevate itself to the highest privilege levels. Enabling approval forces each activation to be reviewed by trusted parties, adding a critical layer of accountability and reducing the risk of privilege escalation attacks.
What Aether365 Checks
This check verifies that Microsoft Entra Privileged Identity Management (PIM) requires approval when the Privileged Role Administrator role is activated. In your Aether365 dashboard, this appears under the Entra ID checks section.