It would be great to get escalations anytime a new Global Admin is created, or an existing user is elevated to global admin, allowing us to mark these as expected or not. For orgs using PIM, while UserA may not always have GA permissions, if they often do, you could add them as an expected rule. We already create a weekly report of these using Huntress SIEM, but its a bad solution for a very common issue.