Missing break-glass accounts
The tenant has fewer than two cloud-only Global Administrators dedicated as emergency access accounts.
How to fix it
Create at least two cloud-only Global Administrator accounts, excluded from Conditional Access and standard MFA, stored securely for emergency access.
Required Microsoft Graph permissions
EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:
Directory.Read.AllRoleManagement.Read.DirectoryUser.Read.All
Further reading
Run this check on your tenant
EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.
Get started — free first scan →