I’ve started at a medium-sized org (~1500 users) that has over a dozen global admins in 365, plus another 80 users with various 365 admin access. Does anyone have any tips for how to identify what access the users actually need?
I tried punching up a questionnaire with all of the available options, but my test group reported that it was too convoluted. I’m not sure how I can better identify their needs without interviewing them one-on-one, or just ripping away access and seeing who screams.
Create a model based on processes? E.g., least priv for helpdesk for passwords, machine/Intune mgmt, etc., call it L1. Then add some roles for reporting, wiping/isolating machines or similar for the security team (call it L2 admin), etc.
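One way to apply the tiered model suggested in the reply above, as an added example that is not part of the original thread: it compares each admin's observed tasks against the L1/L2 tiers instead of relying on a questionnaire. The task labels, user names and sample data are constructed, and treating L2 as "L1 plus more" is an assumption.

```python
from collections import defaultdict

# Tier model from the reply. Task labels are hypothetical, and making
# the tiers cumulative (L2 includes L1) is an assumption.
TIERS = [
    ("L1", {"reset_password", "manage_device"}),
    ("L2", {"view_reports", "wipe_device", "isolate_device"}),
]

# Constructed sample data: who holds admin rights today, and which admin
# tasks each person was actually seen performing (e.g. from audit logs).
ASSIGNMENTS = {"alice": "Global Administrator", "bob": "Global Administrator",
               "carol": "Global Administrator", "dave": "Global Administrator"}
OBSERVED = [
    ("alice", "reset_password"), ("alice", "manage_device"),
    ("bob", "wipe_device"), ("bob", "reset_password"),
    ("carol", "edit_conditional_access"), ("carol", "view_reports"),
]


def smallest_tier(tasks):
    """Return (tier, unmapped): the lowest tier covering the tasks the
    model knows about, plus the tasks no tier grants."""
    known = set().union(*(grants for _, grants in TIERS))
    mapped, unmapped = tasks & known, tasks - known
    allowed = set()
    for name, grants in TIERS:
        allowed |= grants
        if mapped and mapped <= allowed:
            return name, unmapped
    return None, unmapped


def review(assignments, observed):
    """Classify each admin as no_activity, fits_tier or needs_review."""
    used = defaultdict(set)
    for user, task in observed:
        used[user].add(task)
    report = {}
    for user in sorted(assignments):
        tasks = used.get(user, set())
        if not tasks:
            report[user] = ("no_activity", None, set())
            continue
        tier, unmapped = smallest_tier(tasks)
        status = "needs_review" if unmapped else "fits_tier"
        report[user] = (status, tier, unmapped)
    return report


if __name__ == "__main__":
    for user, row in review(ASSIGNMENTS, OBSERVED).items():
        print(user, ASSIGNMENTS[user], "->", row)
```

Only the `needs_review` rows require a one-on-one conversation; the unmapped tasks they list also show where the model may need another tier.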