Products

I agree that you should not use the global admin account for every-day work. So the best action is to create a new global admin account and then remove the permission from the current account. 

Think about a scenario were you are targeted with an attack - e.g. phishing email with attempt to steal credentials. If your day-to-day work account is targeted, the attacker immediately would get full control. Also you should think about implementing additional security measures for your global admins, like MFA + Conditional Access. 

Easiest option is to look at the secure score in Azure Security Center - this will give you a checklist of things to do: https://docs.microsoft.com/en-us/azure/security-center/security-center-secure-score 

Also I suggest taking a look at this guidance explaining a few strategies on how you can enable additional controls, but still ensure resiliency: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-resilient-controls 

Also PIM could be part of the strategy - at least some of the less complex approaches - good summary on steps to take are here: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-admin-roles-secure?toc=%2fazure%2factive-directory%2fprivileged-identity-management%2ftoc.json

Also here the concept of identity governance: https://docs.microsoft.com/en-us/azure/active-directory/governance/