Use the following best practices to secure your Global Admin account in Microsoft Office 365.
- For maximum security, use the maximum allowed password length (16 characters) for your Global Admin accounts.
- Always create at least one additional Global Admin account as a backup. This account doesn’t need an Office 365 license.
- Instead of using AdminName@YourDomain.com account for the Global Admin account, use the AdminName@YourDomain.onmicrosoft.comaccount and DO NOT assign any licenses.
- Always use a phone number and an Alternative email address for your Global Admin account so it can be used for verification by Microsoft, if there’s a need.
- Limit the number of Global Admins in your organization to as few as possible. Two Global Admins are ideal for most small to medium-sized organizations. The rest of the administrators should be assigned a Customized administrator role, such as Billing administrator, Dynamics 365 service administrator, Exchange administrator, Password administrator, Skype for Business administrator, Power BI service administrator, Reports reader, Service administrator, SharePoint administrator, or User management administrator. Keep in mind you can assign multiple roles to an individual.