Admin roles can often access, modify, and share this critical and sensitive data. Too many admins with excessive privileges increase the risk of unauthorized data, insider threats, and targeted phishing attacks.
Identify overprivileged admins in your environment with the Admin Permissions Scanner for Microsoft 365.
Developed by Microsoft MVPs, this free tool quickly analyzes the admins in your tenant. Within minutes, it generates a detailed report highlighting risky admin access.
Don’t leave your Microsoft 365 tenant exposed. Prevent unauthorized changes and breaches by tightening your admin controls. Get the Admin Permissions Scanner today to get started.
This tool uses an unpackaged PowerShell script to scan all admin accounts in your tenant. It identifies every type of role—from global and tenant-wide admins to AU-scoped roles to admins with multiple roles and more.
Download Admin_Roles_Insights.ps1. The script is not packaged, allowing you to review it before running it.
In a PowerShell session, run the Admin_Roles_Insights.ps1 script.
The script will retrieve all admin role assignments in your Microsoft 365 tenant, including permanent and eligible (PIM) assignments. It will then score each role based on access level, level of control, and potential impact on security.
The script outputs a report (in HTML, CSV, or Excel) that includes the roles assigned to each admin and their corresponding scores. This will help identify highly privileged accounts in your tenant and guide actions to enforce least-privileged access.
If you need help understanding the report, contact our experts.