Issue
Users assigned the Global Administrator (GA) role will no longer have the role permanently assigned. This will greatly reduce the privileged account attack surface by only activating the role when needed.
Resolution/Answer
The steps below outline how to activate the Global Admin role in portal.azure.com with a few short steps.
|
Step
|
Detail
|
-
|
Log into Azure and locate the “Microsoft Entra Privileged Identity Management” service.
 |
-
|
Select “My roles”.
 |
-
|
NEW – You will now see the Global Admin role under the “Eligible” tab.
 |
-
|
Locate and click on the “Activate” option to the right of the screen.
 |
-
|
You will be prompted with the Activate Reason window. Activation reasons may include a ticket number and/or activity detail. This step is mandatory and will be audited, so be sure the information given can be linked directly to the work performed. 😉
 |
-
|
The activation takes a few seconds and then you are done!
 |
-
|
Optional: When you have completed the work and no longer need the role, you may deactivate by clicking “Deactivate”.
 |