Microsoft 365: Dedicated Backup Administrator Role for Microsoft 365 Backup

🚨 The Signal: A new dedicated 'Backup Administrator' role is available for Microsoft 365 Backup. It supports the principle of least privilege by separating backup administration from other M365 administrative duties.

The Impact

Security teams and M365 administrators are affected by this change, which reduces the risk of over-privileged accounts.

  • Security Teams: Reduced risk from over-privileged accounts.
  • M365 Administrators: Granular control over backup delegation.
  • Compliance Teams: Easier demonstration of least privilege principles.

The Action

  1. Review existing M365 administrative roles and their backup responsibilities.
  2. Identify users currently performing backup tasks with broader permissions.
  3. Assign the 'Backup Administrator' role to designated backup personnel.
  4. Remove unnecessary backup-related permissions from other administrative roles.
  5. Monitor role assignments for the new 'Backup Administrator' role.
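
One way to carry out the review, overlap and monitoring steps with the Microsoft Graph PowerShell SDK. This is an added example, not code from the original notice. The role display name, the list of broader roles and the approved account names are assumptions to replace with your tenant's values.

```powershell
# Added example: audit active Entra role assignments around the backup role.
# Requires the Microsoft.Graph PowerShell module; uses read-only scopes.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'Directory.Read.All'

# Assumption: display name of the new role as it appears in your tenant.
$BackupRoleName = 'Microsoft 365 Backup Administrator'
# Assumption: broader roles your organisation has used for backup tasks.
$BroadRoleNames = @('Global Administrator', 'SharePoint Administrator', 'Exchange Administrator')
# Constructed placeholders: accounts approved to hold the backup role.
$ApprovedBackupAdmins = @('backup.ops1@contoso.example', 'backup.ops2@contoso.example')

# Map role definition IDs to display names.
$roleNames = @{}
Get-MgRoleManagementDirectoryRoleDefinition -All |
    ForEach-Object { $roleNames[$_.Id] = $_.DisplayName }

# Active assignments only; PIM-eligible assignments need a separate query.
$rows = Get-MgRoleManagementDirectoryRoleAssignment -All -ExpandProperty principal |
    ForEach-Object {
        $props = $_.Principal.AdditionalProperties
        # Users expose userPrincipalName; groups and service principals do not.
        $name = $props['userPrincipalName']
        if (-not $name) { $name = $props['displayName'] }
        [pscustomobject]@{
            Role      = $roleNames[$_.RoleDefinitionId]
            Principal = $name
            Scope     = $_.DirectoryScopeId
        }
    }

$backupHolders = @($rows | Where-Object { $_.Role -eq $BackupRoleName })
$broadHolders  = @($rows | Where-Object { $_.Role -in $BroadRoleNames })

# Steps 1-2: principals holding broader roles that may cover backup work.
'Broad role holders to review:'
$broadHolders | Sort-Object Role, Principal | Format-Table Role, Principal, Scope

# Step 4: principals holding the backup role and a broader role at once.
'Backup role holders that also hold a broad role:'
$broadHolders | Where-Object { $_.Principal -in $backupHolders.Principal } |
    Format-Table Principal, Role, Scope

# Step 5: backup role holders that are not on the approved list.
'Unapproved backup role holders:'
$backupHolders | Where-Object { $_.Principal -notin $ApprovedBackupAdmins } |
    Format-Table Principal, Scope
```

Running this on a schedule and alerting when the last table is non-empty covers the monitoring step; the script only reads assignments and changes nothing.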

Domain: Entra · Impact: medium · Workload: Entra ID · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898