Microsoft 365 app: Microsoft Places - Built in Admin role support

🚨 The Signal: Microsoft Places introduces built-in admin roles, enabling delegated management. This change improves the principle of least privilege by allowing granular access assignments, reducing the risk of over-privileged accounts in a new M365 service.

The Impact

Security teams and M365 admins are affected, with a reduced risk of privilege escalation due to improved role delegation.

• Security Teams: Reduced risk of privilege escalation in Microsoft Places.
• M365 Admins: Improved ability to delegate Places management securely.
• Compliance Officers: Easier demonstration of least privilege principles for Places.

The Action

1. Review Microsoft Places documentation for new built-in admin roles.
2. Identify existing Places administrators and their current permissions.
3. Map Places administrative tasks to the new built-in roles.
4. Implement least privilege by assigning the most restrictive roles necessary.
5. Regularly audit assigned roles and permissions within Microsoft Places.

Domain: M365-Apps · Impact: medium · Workload: M365 Apps · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898