MC243943 – We’ve created two new roles, Authentication policy administrator and Domain name administrator, to help reduce the number of Global Administrators in your organization.
When this will happen
These roles are available now.
How this will affect your organization
We recommend the following:
- Assign Authentication policy administrator instead of Global Administrator to configure the authentication methods policy, tenant-wide multi-factor authentication settings, and the password protection policy.
- Assign Domain name administrator instead of Global Administrator to manage (read, add, verify, update, and delete) domain names.
What you need to do to prepare
Because Global administrator accounts are powerful and vulnerable to attack, we recommend that you have fewer than five Global Administrators.