Limited number of Global Admins are assigned
Why This Matters
When too many users hold the Global Administrator role, the attack surface of your Microsoft 365 tenant expands significantly. A single compromised global admin account can give attackers full control over all directory resources, security settings, and user data. Monitoring the count of global admins and using Privileged Identity Management (PIM) alerts helps you maintain the principle of least privilege and prevent privilege creep.
What Aether365 Checks
This check verifies that a PIM alert exists in your Microsoft 365 tenant to warn when the number of Global Administrators exceeds a defined threshold. It appears in the Aether365 dashboard under the microsoft-365 category as check AE.1032 with a Medium severity rating.