Microsoft 365 Security Basics: Separate & Cloud Gapped Admin accounts

I am back with another M365 Security Basic, this one isn’t a setting but a change in methodology. Separating your Standard user account and Admin account, and mastering your cloud admin accounts in M365.

Let me know in the comments if you separate your accounts and if you use cloud-only admins.

C H A P T E R S
00:00 Video Intro
00:58 Separate Admin Accounts
05:17 Cloud Only Admin Accounts
06:53 Wrap UP

L I N K S
Audit Cloud Synced Admins
https://github.com/dougsbaker/Public-Toolbox/blob/main/o365Tools/AzureAD/Audit-AdminSync.ps1

Alex Weinart – Protecting Microsoft 365 from on-premises attacks
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754

Best practices for Azure AD roles
https://learn.microsoft.com/en-us/azure/active-directory/roles/best-practices#8-use-cloud-native-accounts-for-azure-ad-roles

Enterprise Access Model
https://learn.microsoft.com/en-us/security/compass/privileged-access-access-model