AZ-002 Microsoft Azure

Number of Global Administrators is limited (typically 2-4).

Number of Global Administrators is limited (typically 2-4).

Domain
Microsoft Azure
Area
Entra ID / IAM
Automated / manual
Automated

Risk if it fails

Excess global admins multiply takeover paths.

Every global admin is a master key. The more keys exist, the more chances one is phished or misused, and any single one can hand over everything.

How Tess tests it

1 test — each concludes only on cited evidence.

Number of Global Administrators is limited (typically 2-4).

Automated
Procedure
Enumerate members of the Global Administrator role.

Read-only command 

az rest --method get --url "https://graph.microsoft.com/v1.0/directoryRoles/roleTemplateId=62e90394-69f5-4237-9190-012177145e10/members"

More in Microsoft Azure

AZ-001 MFA is enforced for all users, especially privileged roles. AZ-003 Privileged Identity Management (PIM) provides just-in-time elevation. AZ-004 Legacy/basic authentication is blocked. AZ-005 Guest user access and invitations are restricted.

Want Tess to test AZ-002 against your evidence?

Book a demo