Extra Admin Accounts

Learn about extra admin accounts and how to mitigate this risk.

Having numerous accounts with high-level administrative roles increases the vulnerability to security breaches. Limiting the number of accounts with privileged roles helps reduce the attack surface, making it harder for attackers to infiltrate your organization's resources.

Risk Insights defines extra admin accounts as the total number of administrator accounts exceeding five.

To mitigate this risk:

  • Azure AD: Ensure that there are no more than five people assigned the Global Administrator role.

  • Active Directory: Ensure that there are no more than five members of the Administrators group.
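A script that performs both checks against the five-account threshold, as an added example that is not part of this page or of Risk Insights itself. It assumes the RSAT ActiveDirectory module and the Microsoft.Graph PowerShell module are installed and that Connect-MgGraph has already been run with a scope that can read directory role members.

```powershell
# Added example (not Risk Insights code): count privileged accounts in both
# directories and compare each count with the five-account threshold.
# Assumes: ActiveDirectory module, Microsoft.Graph module, Connect-MgGraph done.
$Threshold = 5

function Get-AdAdministratorCount {
    # -Recursive expands nested groups (e.g. Domain Admins inside Administrators),
    # so accounts that are admins only through nesting are counted as well.
    $members = Get-ADGroupMember -Identity 'Administrators' -Recursive |
        Where-Object { $_.objectClass -eq 'user' }
    [pscustomobject]@{
        Scope   = 'Active Directory: Administrators group'
        Count   = @($members).Count
        Members = @($members | Select-Object -ExpandProperty SamAccountName)
    }
}

function Get-GlobalAdministratorCount {
    $role = Get-MgDirectoryRole -Filter "displayName eq 'Global Administrator'"
    if (-not $role) { throw 'Global Administrator role is not activated in this tenant.' }
    # Members come back as generic directory objects; keep user objects only.
    $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
        Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' }
    [pscustomobject]@{
        Scope   = 'Azure AD: Global Administrator role'
        Count   = @($members).Count
        Members = @($members | ForEach-Object { $_.AdditionalProperties['userPrincipalName'] })
    }
}

foreach ($result in @((Get-AdAdministratorCount), (Get-GlobalAdministratorCount))) {
    $status = if ($result.Count -gt $Threshold) { 'EXCEEDS threshold' } else { 'within threshold' }
    '{0}: {1} account(s) - {2}' -f $result.Scope, $result.Count, $status
    $result.Members | ForEach-Object { "  $_" }
}
```

Run it from a workstation joined to the domain; any scope reported as exceeding the threshold is what Risk Insights flags as extra admin accounts.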


For very large organizations, it may be necessary to exceed five admin accounts. However, "Extra Admin Accounts" risks cannot currently be added to the exception list.