Query Details

List Global Admins

Query

# List all Global Admins in your tenant

## Query Information

#### Description
This query lists all accounts that have the Global Admin role assigned. If you have enabled PIM, only users who have activated the Global Admin role through PIM during the search period are shown.

#### References
- https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#global-administrator

## Sentinel

```
IdentityInfo
| where AssignedRoles contains "Global Admin"
| distinct AccountName, AccountDomain, AccountUPN, AccountSID
// If PIM is enabled for Global Admins the list shows only the Global Admins that have used PIM to gain the privileges.
```

Explanation

This query lists all the accounts that have the Global Admin role assigned to them in your tenant. If you have enabled PIM (Privileged Identity Management), it will only show users who have used PIM to gain Global Admin privileges. The query provides information such as the account name, domain, UPN (User Principal Name), and SID (Security Identifier) for each Global Admin.
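To make the PIM note concrete, the added example below (not part of the original query) applies the same `AssignedRoles` filter to constructed rows in a `datatable` that stands in for `IdentityInfo`, and reports when each account was seen holding the role. The account names, dates and the premise that a PIM-activated role only appears in records written while the activation is in effect are assumptions for illustration.

```kusto
// Constructed sample rows standing in for IdentityInfo (not real tenant data).
let SampleIdentityInfo = datatable(TimeGenerated:datetime, AccountUPN:string, AssignedRoles:dynamic)
[
    // alice: the role is present in every record (standing assignment)
    datetime(2023-02-01), "alice@contoso.example", dynamic(["Global Administrator"]),
    datetime(2023-02-08), "alice@contoso.example", dynamic(["Global Administrator"]),
    // bob: the role is present in one record only (assumed PIM activation)
    datetime(2023-02-01), "bob@contoso.example",   dynamic([]),
    datetime(2023-02-05), "bob@contoso.example",   dynamic(["Global Administrator"]),
    datetime(2023-02-08), "bob@contoso.example",   dynamic([]),
    // carol: never holds the role
    datetime(2023-02-01), "carol@contoso.example", dynamic(["Security Reader"])
];
SampleIdentityInfo
// Same filter as the query above, kept as a flag so the records without the role remain visible
| extend HasGlobalAdmin = AssignedRoles contains "Global Admin"
| summarize RoleFirstSeen = minif(TimeGenerated, HasGlobalAdmin),
            RoleLastSeen  = maxif(TimeGenerated, HasGlobalAdmin),
            LatestRecord  = max(TimeGenerated)
          by AccountUPN
// Drop accounts that never held the role in the search period
| where isnotnull(RoleLastSeen)
// False means the role was seen earlier in the period but is absent from the newest record
| extend HoldsRoleInLatestRecord = (RoleLastSeen == LatestRecord)
| project AccountUPN, RoleFirstSeen, RoleLastSeen, HoldsRoleInLatestRecord
```

Replacing `SampleIdentityInfo` with `IdentityInfo` runs the same logic against the workspace for the selected time range.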

Details


Bert-Jan Pals

Released: February 14, 2023

Tables

IdentityInfo

Keywords

IdentityInfo,AssignedRoles,GlobalAdmin,AccountName,AccountDomain,AccountUPN,AccountSID,PIM

Operators

where, contains, distinct
