Privileged role on Control Plane are managed by PIM only
Description
Privileged role assignments made outside of Privileged Identity Management aren't properly monitored and may indicate an active attack.
Note: By default, the check excludes emergency access (Break Glass) accounts which has been identified by Maester.
How to fix
Review the users in the list and remove them from privileged roles that they don't need. Notes in the Maester test results provide direct link to the alert page with details to identify and how to address the recommendations.