Playbook
Auditors have flagged standing admin access across our estate
An auditor's report has identified dozens of standing admin role assignments — DevOps engineers with Global Admin, finance contractors with elevated privileges in M365. The CISO wants standing privilege eliminated and a defensible just-in-time activation pattern in place by year-end.
Trigger — Audit finding; cyber-insurance renewal looming.
Good outcome — PIM rolled out for privileged users, standing roles eliminated, quarterly access review cadence live.