
#31655 Suspect | P1 | Azure: Entra ID Global Admin Role Assignment @ Blue Mountain Clinic

New-Blumira Created Jan 15, 2025, 4:58 PM
System (internal) Jan 15, 2025, 4:58 PM
Created from Lead: https://artichoke.shield.syncromsp.com/leads/29917882/convert
Check-in (internal) Jan 15, 2025, 4:58 PM

Suspect | P1 | Azure: Entra ID Global Admin Role Assignment @ Blue Mountain Clinic

Blumira has detected Azure: Entra ID Global Admin Role Assignment for Blue Mountain Clinic on 2025-01-15 09:40AM MST and triggered action Create Priority 1 Suspect for Responders.

Analysis:

A Global Administrator Role has been assigned to the user or group [email protected] and [email protected] in your Entra ID Directory in the tenant ece0e288-0186-4ac6-b6d4-40f9e19ff973.

A Global Administrator has full permissions over the entire Azure tenant, similar to a Domain Administrator in on-premises Active Directory. This role should be protected, and access should be limited to as few individuals as possible to prevent abuse of these permissions.

Please note, this detection excludes assignments by Privileged Identity Management (PIM) and Granular delegated admin permissions (GDAP). If you would like to monitor PIM/GDAP assignments, enable the detection "Azure: Entra ID Global Admin Role Assignment by PIM/GDAP" from the Detection Rules page under Settings.

Finding ID: F-25-02-DB31E

Finding Data Source: Microsoft365 Azure AD, Azure AD Audit

Replying to this email does not open a ticket or notify the support team. Please email [email protected] or comment within the Finding.

[Learn More](https://app.blumira.com/120413f6-dfa7-4ba7-8964-11dd90ed9bf2/query/findings/db31e788-920d-41d2-8a32-beb28f8faf9c)

Ticket Automation (internal) Jan 15, 2025, 4:58 PM
Automation Blumira ran on this ticket. Actions: Change Status to New-Blumira