
I'm a major Trekkie, and I've got a user here called Jean-Luc Picard. So here in Jean-Luc's account, one big mistake that we all make is that we essentially create a user account, and in this case you can see he's a global admin. First of all, if Jean-Luc uses this account, uh, for regular use, you should never have the account as a global admin. So if this is an operational account, then by all means go in and remove that global admin account and save the changes.

Now, um, I would then probably go and create a separate admin account, uh, and remember the key thing about the separate account: you don't need a license. So that's the key thing about admin accounts that users make a mistake about. They automatically think they have to have a license. They don't.

Now, if you do want to grant the user admin access rather than being a global admin, let's say for example you wanted Jean-Luc to manage user accounts or groups and things like that, that's absolutely fine. Then in that case you can take advantage of RBAC roles, and you can either assign those roles here in the user properties, so if I go in and choose this, or alternatively, if you'd like to know more, then simply come down into the Roles section and you can see that this provides you with details of all the various roles and specifically the category that they're included in.

And of course, if I also come over to Entra ID here, come into the Identity tab and scroll down and, again, come into Roles and admins, you get exactly the same thing here. Now, the one advantage of this here is that you can actually go ahead and create custom roles and, more importantly, the roles that are highlighted here, you can quickly see if they are privileged roles. So if I scroll right down to the bottom here, here's my User Admin role here, and you can see I've got an active assignment, and there's Jean-Luc Picard that I just put in.

Okay, so first of all, take advantage of RBAC roles, so role-based access control. Only provide the user with the access that they need. Okay, this is a principle of zero trust. Okay, it's the principle of least privilege, and this will avoid you getting any major headaches. So there you go, my number 10: RBAC.

So for my number nine, I'm going to come in here into the Entra admin center. I'm going to come down to the Protection blade, and here we have something called Identity Protection. This is a fantastic tool at protecting your, uh, identities, not just for your users, your regular users, but also your sensitive users as well, such as IT managers, CIO, CFO, CEO and so on. Now, uh, the downside is you do need a P2 license for this. It has just been going through at the moment a major revamp, so it's looking really nice these days. Um, the information that's coming in is like super, super useful. Um, one thing I would say is that you can of course get an overview of it, but specifically what it focuses on is risk, so ultimately