Share via

How to get notified when someone is assigned an admin role in Microsoft 365

Mattison Zhabrea 20 Reputation points
2025-12-09T09:41:49.2+00:00

I’m looking for a straightforward way to receive alerts whenever any user in my Microsoft 365 tenant is added to a privileged admin role (like Global Admin, Exchange Admin, or SharePoint Admin). Ideally, I’d like something that triggers automatically

Microsoft 365 and Office | Development | Other
0 comments
Answer accepted by question author
  1. Flora-T 6,990 Reputation points Microsoft External Staff Moderator
    2025-12-09T18:00:01.8+00:00

    Hi Mattison Zhabrea

    Thank you for reaching out to Microsoft Q&A Forum and sharing your experience.

    Based on your description, I understand that you’re trying to find a way to receive notifications whenever any user is granted admin rights in your tenant, and you’re asking whether there is a built‑in function or a simple toggle to enable this feature.

    From what I’ve gathered, it seems this functionality requires deeper customization within the Defender Portal or Azure AD, and unfortunately, it cannot be enabled with just a straightforward toggle or built‑in option. After looking into it, it appears that currently only Exchange Admin roles can be set up to trigger quick notifications in Defender, using the following method:

    • Sign in to the Microsoft Defender portal https://security.microsoft.com/ using an account with Admin privileges.
    • Navigate to Email & Collaboration > Policies > Alert Policies.
    • Enable the alert to receive notifications when a user is granted Exchange admin permission.

    User's imageYou can read more in this thread: How can we configure alerts to notify us when someone is added as an admin user in any Microsoft 36…

    So, I can conclude that there isn’t a quick setup available for this requirement. For your current need about “something that triggers automatically”, I think you may want to refer to the Moderator’s answer above, which suggests setting up a script for Alert on privileged Azure role assignments and using Email notifications in Privileged Identity Management (PIM)

    Additionally, as a forum moderator, I would like to recommend limiting the number of Global Administrators in your tenant to a small number (ideally is 2):

    • One for regular tenant management tasks.
    • One as a backup administrator.

    Because only Global Admins can assign other admin roles, minimizing this role helps reduce your risk.

    I hope my answer helps clarify your concern.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shubham Sharma 3,590 Reputation points Microsoft External Staff Moderator
    2025-12-09T10:00:50.43+00:00

    Hey Mattison, it sounds like you're looking to set up automatic alerts for when someone is assigned a privileged admin role in your Microsoft 365 tenant. Here's how you can achieve that:

    1. Use Microsoft Graph API for Change Notifications: You can set up change notifications using the Microsoft Graph API. This allows you to subscribe to changes related to user role assignments. Here’s a link to get started with change notifications: Learn about change notifications.
    2. Create an Alert Rule in Azure Monitor: You can also create an alert in Azure Monitor to get notified when there are any role assignments. Here are the steps:
      • Sign in to the Azure portal.
      • Navigate to Monitor and then select Alerts.
      • Click on Create > Alert rule.
      • Set your subscription as the scope.
      • Under the condition tab, select Custom log search, and you can use Kusto queries to filter for specific roles (like Global Admin or Exchange Admin) being assigned. Check out this guide for the exact setup: Alert on privileged Azure role assignments.
    3. Privileged Identity Management (PIM): If you use Privileged Identity Management (PIM), it can automatically send notifications when roles are assigned or activated. To ensure your PIM settings are correct, refer to this documentation: Email notifications in PIM.

    Hope this helps you set up those alerts efficiently! If you have more questions or need further clarification, feel free to ask!

    References:

    Note: This content was drafted with the help of an AI system. Please verify the information before relying on it for decision-making.

    You found this answer helpful.
    0 comments
  2. Q&A Assist
    2025-12-09T09:41:59.9566667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To receive notifications when someone is assigned a privileged admin role in Microsoft 365, you can create an alert rule using Azure Monitor. Here’s a straightforward way to set it up:

    1. Sign in to the Azure portal.
    2. Navigate to Monitor.
    3. In the left navigation, click Alerts.
    4. Click Create > Alert rule.
    5. On the Scope tab, select your subscription.
    6. On the Condition tab, select the Custom log search signal name.
    7. In the Log query box, you can use a query that filters for attempts to assign roles like Global Admin, Exchange Admin, or SharePoint Admin.
    8. Set the measurement values as needed (e.g., count of table rows).
    9. Define the alert logic (e.g., operator greater than 0).
    10. On the Actions tab, create or select an existing action group to define the notifications that will be sent when the alert is triggered.

    By following these steps, you can automate alerts for any changes in admin role assignments in your Microsoft 365 tenant.

    References:

    0 comments
  3. Mattison Zhabrea 20 Reputation points
    2025-12-09T10:40:43.6533333+00:00

    Thanks but I just looking for a simple way, like a toggle or the built in function, the way you show need the special license in EntraID and I think I have to be skilled to do

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.