In my last post I covered how to monitor the GOD Mode in Azure (Coined by the great John Savill ). While visibility and monitoring are great capabilities, there’s a big issue: the permanent nature of the access. - Let's fix that! The way Elevated Access currently works, there’s no built-in way to manage, or restrict it—not through PIM for time- and approval-based access, not with access reviews, and not with entitlement management either. Once access is enabled for a user,

Elevating access to manage Azure subscriptions is a valuable tool for administrators, particularly when dealing with unknown or orphaned subscriptions. However, with no built-in restrictions on when or how long this access can be used , monitoring these events is critical to maintaining security and accountability. Global administrators occasionally need to enable Elevated Access in Microsoft Entra to manage Azure subscriptions, but without proper oversight, this level of a

In the first part of this series , we laid the foundation for securing Microsoft Business Premium environments, covering the core security principles and configurations. Now, we shift our focus to authentication—the frontline of identity protection. Authentication is at the heart of securing any environment, and with evolving threats like phishing, credential stuffing, and AiTM attacks, ensuring robust authentication is non-negotiable. A compromised identity can grant an atta