Understanding the Excessive Global Administrator accounts risk

BarracudaONE displays this risk when it detects, through Microsoft Entra ID, that an environment has an unsafe number of Global Administrators. The number of Global Administrators may be too high, which means too many accounts have a high level of access to the environment, or too low, which means changes and containment can be slower.

Why this is a risk

Global Administrator accounts can change security settings, reset any user's password, manage applications, and grant themselves additional privileges. Because of this broad control, they are a prime target for attackers.

Having too many Global Administrators gives attackers additional prime targets for compromise.

Having too few Global Administrators means that if one is compromised, there are fewer available to respond to the attack as quickly as possible.

Reviewing privileged roles to ensure there are between two and four Global Administrators in the environment strengthens security and reduces the likelihood of compromise.

How BarracudaONE identifies this risk

BarracudaONE displays:

  • Total Global Administrator count

  • List of Global Administrators with display names or emails

  • The timestamp of the last sign-in

Resolving this risk

Resolving this risk involves reducing or increasing the number of Global Administrators to an appropriate level.

To resolve the Excessive Global Administrator accounts risk
  1. In the left navigation menu, select Home.

  2. In the Start mitigating risks section, do one of the following:

    • Select the Excessive Global Administrator accounts risk.

    • Select another risk, then use the arrows to navigate to the Excessive Global Administrator accounts risk.

  3. In the Global administrators section, review the administrators.

  4. In your environment, adjust the number of administrators:

    • If the issue is too many Global Administrators, reduce the number to four or fewer.

    • If the issue is too few Global Administrators, increase the Global Administrator count to two or more.

When this criterion is met, the risk auto-resolves after the next Entra ID sync.

If you disable or delete the conditional access policy, the risk returns.

Once you have resolved this risk

Having an appropriate number of Global Administrators is beneficial because it balances resilience with security control:

  • Redundancy and reduced downtime—If one administrator is unavailable, others can still manage critical tasks, avoiding outages during urgent changes, incident response, or access recovery.

  • Faster incident response—During security events, having multiple Global Admins means you can act quickly without waiting for a single person.

  • Better resilience for privileged account recovery—If a Global Admin is locked out or needs credential rotation, other Global Admins can regain control.

Regularly review who is in the Global Admin group and remove inactive accounts.
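
The two-to-four check and the inactive-account review described on this page, as an added Python example (not BarracudaONE or Microsoft code). The record field names, the sample accounts, and the 90-day inactivity threshold are assumptions; the page itself gives only the two-to-four range.

```python
from datetime import datetime, timedelta, timezone

MIN_ADMINS, MAX_ADMINS = 2, 4      # range recommended on this page
STALE_AFTER = timedelta(days=90)   # assumption: the page sets no inactivity threshold
NEVER = datetime.min.replace(tzinfo=timezone.utc)  # sorts "never signed in" first

# Constructed sample records (not real accounts); field names are assumed.
SAMPLE_ADMINS = [
    {"mail": "avery@example.com", "lastSignIn": "2025-05-28T09:14:00Z"},
    {"mail": "blake@example.com", "lastSignIn": "2025-05-30T16:02:00Z"},
    {"mail": "casey@example.com", "lastSignIn": "2024-11-02T08:45:00Z"},
    {"mail": "devon@example.com", "lastSignIn": None},
    {"mail": "emery@example.com", "lastSignIn": "2025-03-10T00:00:00Z"},
    {"mail": "finley@example.com", "lastSignIn": "2025-01-15T11:30:00Z"},
]

def last_sign_in(admin):
    """Return the last sign-in as an aware datetime, or NEVER if there is none."""
    value = admin.get("lastSignIn")
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else NEVER

def review_global_admins(admins, now):
    """Apply the two-to-four rule and list accounts with no recent sign-in."""
    count = len(admins)
    if count > MAX_ADMINS:
        status = "too_many"
    elif count < MIN_ADMINS:
        status = "too_few"
    else:
        status = "ok"
    cutoff = now - STALE_AFTER
    stale = [a["mail"] for a in sorted(admins, key=last_sign_in)
             if last_sign_in(a) < cutoff]
    return {
        "count": count,
        "status": status,
        "remove_at_least": max(0, count - MAX_ADMINS),
        "add_at_least": max(0, MIN_ADMINS - count),
        "stale": stale,  # oldest first: review these before other accounts
        # If this falls below MIN_ADMINS, removing every stale account would
        # trade the "too many" finding for a "too few" one.
        "left_if_stale_removed": count - len(stale),
    }

if __name__ == "__main__":
    report = review_global_admins(SAMPLE_ADMINS, datetime(2025, 6, 1, tzinfo=timezone.utc))
    for key, value in report.items():
        print(f"{key}: {value}")
```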

 

