Monitor the addition and removal of users from sensitive roles

Sensitive roles such as Global Administrator, eDiscovery Manager/Administrator are high-value targets. 

In a common attack, an attacker may use lateral movement techniques to move between different accounts and elevate permissions. 

Ensure that sensitive roles are monitored in order to obtain notification if a potential attacker has elevated their permissions. 

Creating the following Protection Alerts adds to the base Exchange Admin elevation policy by covering more roles. 

Leave a Reply

Your email address will not be published. Required fields are marked *