I’ve started at a medium-sized org (~1500 users) that has over a dozen global admins in 365, plus another 80 users with various 365 admin access. Does anyone have any tips for how to identify what access the users actually need?
I tried punching up a questionnaire with all of the available options, but my test group reported that it was too convoluted. I’m not sure how I can better identify their needs without interviewing them one-on-one, or just ripping away access and seeing who screams.
Honestly, it depends on your role within the company as well - if you are a CxO or from IAM/UAM domain, then you can just define a model for this particular “tool” and announce the upcoming change (ie prepare the roles and all, and then clean up existing roles/accesses) that X will happen in next, lets say, 45 days. This will make everyone jump on you of course, buuuuut thats what you want, as at least you will suddenly get people msging you regarding the “why” they need xyz role - et voila you now have your high level list of processes; adjust roles where needed and continue.
My view on this is that it also kinda depends on the company hierarchy and its sector, but you should be a little dictator - youll reap the rewards for being effective; its the others who ignored your call2action who are to blame :D