Power Community

How to Implement a Break Glass Account in Azure Active Directory


The identity portion of setting up the account is like any other registration. Make sure the username uses the @.onmicrosoft.com domain. Then name the account. We suggest something recognizable, like Emergency Access Account or Break Glass Account, so you can easily distinguish this account from the others in Azure AD. After filling in those fields, type your first and last name.

This account should have a strong password: at least 16 characters and as complex as possible (uppercase and lowercase letters, numbers, and special characters). We strongly suggest using our option to generate a strong password and storing it in a safe place. A hard-to-guess, complex password protects the account from unauthorized access or hacking. In addition, assign the Global Administrator role to the account so it has all the privileges needed to help you in emergencies.

Keep the account top secret and exclude it from all built-in access control policies, since you will be the one using it in exceptional cases. Your break glass account should be excluded from all of the following services:

  • Azure AD Conditional Access policy
  • Azure MFA
  • SSPR
  • Azure Identity Protection
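
One way to check the Conditional Access item in the list above, as an added example that is not part of the original post: it walks policy objects in the shape Microsoft Graph returns for `conditionalAccessPolicy` and reports every non-disabled policy that still targets the break glass account. The object IDs, policy names and the helper `policies_applying_to` are constructed for illustration.

```python
# Added example: audit Conditional Access policies for break glass exclusion.
# Policy dicts follow the Microsoft Graph conditionalAccessPolicy shape
# (conditions.users.includeUsers / excludeUsers / includeRoles / ...).
# Every ID and policy name below is constructed for illustration.
BREAK_GLASS_ID = "11111111-1111-1111-1111-111111111111"  # placeholder object ID
ADMIN_ROLE_ID = "22222222-2222-2222-2222-222222222222"   # placeholder role ID


def _users(include=(), exclude=(), include_roles=()):
    return {"users": {"includeUsers": list(include), "excludeUsers": list(exclude),
                      "includeRoles": list(include_roles)}}


SAMPLE_POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": _users(["All"], [BREAK_GLASS_ID])},
    {"displayName": "Block legacy authentication", "state": "enabled",
     "conditions": _users(["All"])},
    {"displayName": "Admins: require compliant device", "state": "enabled",
     "conditions": _users(include_roles=[ADMIN_ROLE_ID])},
    {"displayName": "Old pilot policy", "state": "disabled",
     "conditions": _users(["All"])},
]


def policies_applying_to(policies, user_id, group_ids=(), role_ids=()):
    """Return names of non-disabled policies that still target the account."""
    hits = []
    for policy in policies:
        if policy.get("state") == "disabled":
            continue  # report-only policies are kept: they can be switched on
        users = policy["conditions"]["users"]

        def matches(prefix):
            # True if the account matches this policy's include* or exclude* lists.
            direct = users.get(prefix + "Users") or []
            return bool(
                user_id in direct
                or (prefix == "include" and "All" in direct)
                or set(group_ids) & set(users.get(prefix + "Groups") or [])
                or set(role_ids) & set(users.get(prefix + "Roles") or [])
            )

        # In Conditional Access an exclusion overrides any inclusion.
        if matches("include") and not matches("exclude"):
            hits.append(policy["displayName"])
    return hits


if __name__ == "__main__":
    for name in policies_applying_to(SAMPLE_POLICIES, BREAK_GLASS_ID, role_ids=[ADMIN_ROLE_ID]):
        print("break glass account NOT excluded from:", name)
```

An empty result means every non-disabled policy in the export either does not target the account or explicitly excludes it.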

This post was originally published on this site
