Power Community

Power Community

How to Implement a Break Glass Account in Azure Active Directory

image

The identity portion of setting up the account is like any other registration. You need to make sure you use @.onmicrosoft.com as the Username. Then you need to name your account. We suggest you use something recognizable, like Emergency Access Account or a break glass account, so you can easily distinguish this account from the others in Azure AD. After filling in those fields, type your first and last name. 

This account should have a strong password, with at least 16 characters and as complex as possible (with both capital and small letters, numbers, and special characters). We strongly suggest using our option to generate a strong password and store it in a safe place. A hard-to-guess, complex password protects your account from unauthorized access or hacking. In addition, you should assign the GlobalAdmin role to your account, so it has all privileges needed to help you in emergencies.  

Your account should be top secret and excluded from all built-in access control policies, since you will be the one using the account in exceptional cases. Your break glass account should be excluded from all the following services: 

  • Azure AD conditional access policy.
  • Azure MFA 
  • SSPR 
  • Azure Identity protection 

This post was originally published on this site

- Advertisement -spot_img

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -spot_img
- Advertisement - Advertisement

Latest News

SharePoint Roadmap Pitstop: November 2022

Gobble, gobble - time to gobble up all the updates that landed for SharePoint and related tech in the...

More Articles Like This

- Advertisement -spot_img