List all Global Admins in your tenant
List Global Admins
Query
IdentityInfo
| where AssignedRoles contains "Global Admin"
| distinct AccountName, AccountDomain, AccountUPN, AccountSID
// If PIM is enabled for Global Admins the list shows only the Global Admins that have used PIM to gain the privileges.About this query
List all Global Admins in your tenant
Query Information
Description
This query lists all accounts that have the Global Admin role assigned to their account. If you have enabled PIM, then only users that have pimmed to Global Admin in the search period will be shown.
References
Sentinel
Explanation
This query is designed to identify all user accounts within your organization that have been assigned the Global Admin role. It specifically looks for accounts with this role and lists their details, such as account name, domain, user principal name (UPN), and security identifier (SID). If your organization uses Privileged Identity Management (PIM) for managing Global Admin roles, the query will only show those users who have activated their Global Admin privileges through PIM during the specified search period.
Details

Bert-Jan Pals
Released: December 1, 2024
Tables
Keywords
Operators