Smaller organizations are more prone to appoint IT admins with global admin rights as a “catch all” privilege, especially where the company might have started their cloud journey with Office 365. This might be compounded where in small companies, an admin will be expected to support a wider breath of technology. However, this goes against least privilege guidelines for companies looking to a “zero trust” model.