We always like being aware whenever a user is granted an admin role in M365, and with more roles being added by Microsoft we think it’s pretty key to keep doing this, not just for the Global Administrators. For administrators that manage a single tenant this is quite easy; setup an e-mail alert whenever a elevation event occurs.
Unfortunately MSPs have a harder time with this; we can’t setup e-mail alerts without messing around with shared mailboxes and forwarding rules which give us a pretty hard time. One of the ways to solve this is by using PowerShell and the graph API.