
The identity portion of setting up the account is like any other registration. Make sure the Username uses @.onmicrosoft.com. Then name the account. We suggest something recognizable, such as "Emergency Access Account" or "Break Glass Account", so you can easily distinguish it from the other accounts in Azure AD. After filling in those fields, type your first and last name.
This account should have a strong password: at least 16 characters and as complex as possible (capital and small letters, numbers, and special characters). We strongly suggest using our option to generate a strong password and storing it in a safe place. A hard-to-guess, complex password protects the account from unauthorized access or hacking. In addition, assign the Global Administrator (GlobalAdmin) role to the account, so it has all the privileges needed to help you in emergencies.
Your account should be top secret and excluded from all built-in access control policies, since you will be the one using the account in exceptional cases. Your break glass account should be excluded from all the following services:
- Azure AD Conditional Access policy
- Azure MFA
- SSPR
- Azure Identity Protection
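
One way to verify the Conditional Access exclusion from the list above, as an added example that is not part of the original article: it walks policy objects shaped like a Microsoft Graph `conditionalAccessPolicy` export and reports every non-disabled policy that still covers the break glass account, including policies that reach it only through its Global Administrator role. The object IDs and policy names are constructed sample data; MFA, SSPR and Identity Protection settings are not covered here.

```python
# Constructed sample data shaped like Microsoft Graph conditionalAccessPolicy objects.
GLOBAL_ADMIN_ROLE = "62e90394-69f5-4237-9190-012177145e10"  # Global Administrator template ID
BG_USER = "11111111-1111-1111-1111-111111111111"   # constructed break glass object ID
BG_GROUP = "22222222-2222-2222-2222-222222222222"  # constructed exclusion group ID

POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [BG_USER]}}},
    {"displayName": "Require MFA for admins", "state": "enabled",
     "conditions": {"users": {"includeRoles": [GLOBAL_ADMIN_ROLE]}}},
    {"displayName": "Block legacy authentication", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeGroups": [BG_GROUP]}}},
    {"displayName": "Block risky sign-ins", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]}}},
    {"displayName": "Retired location policy", "state": "disabled",
     "conditions": {"users": {"includeUsers": ["All"]}}},
]


def applies_to(policy, user_id, group_ids, role_ids):
    """Return True if the policy's user scope covers the account and nothing excludes it."""
    u = policy.get("conditions", {}).get("users", {})
    hit = lambda key, ids: bool(set(u.get(key) or []) & set(ids))
    if (hit("excludeUsers", [user_id]) or hit("excludeGroups", group_ids)
            or hit("excludeRoles", role_ids)):
        return False  # an exclusion always wins over an inclusion
    return (hit("includeUsers", ["All", user_id]) or hit("includeGroups", group_ids)
            or hit("includeRoles", role_ids))


def audit(policies, user_id, group_ids=(), role_ids=(GLOBAL_ADMIN_ROLE,)):
    """List (name, state) for every non-disabled policy that still covers the account."""
    return [(p["displayName"], p["state"]) for p in policies
            if p.get("state") != "disabled" and applies_to(p, user_id, group_ids, role_ids)]


if __name__ == "__main__":
    for name, state in audit(POLICIES, BG_USER, group_ids=[BG_GROUP]):
        note = "ENFORCED" if state == "enabled" else "report-only, applies once enforced"
        print(f"{name}: {state} ({note})")
```

Report-only policies are listed as well because they would start blocking the account the moment someone switches them to enforced.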