Imagine a phishing attack compromising your admin account, putting your entire Microsoft 365 environment at risk—or a misconfigured policy locking out your team during a critical operation.
I implemented a break glass last year. Purview alerts in case account is used sounds interesting. I currently use log analytics which receive signin logs and I set up an alert there. I also used passkeys as Mfa for the account. I always stress that this account should be excluded from conditional access policies.
Break-glass accounts are really useful at the same time that they are very dangerous, right? These kinds of accounts must be managed very carefully for several reasons.
Setting MFA and Passkeys authentication for them is part of the discussion. Some people like to have them completely free, while others include them in the most secure configurations. Well, to be honest, I prefer the free option, as it can cover MFA or Passkeys problems without being compromised. But, as I said, the discussion is there as different ways of thinking.
I implemented a break glass last year. Purview alerts in case account is used sounds interesting. I currently use log analytics which receive signin logs and I set up an alert there. I also used passkeys as Mfa for the account. I always stress that this account should be excluded from conditional access policies.
Break-glass accounts are really useful at the same time that they are very dangerous, right? These kinds of accounts must be managed very carefully for several reasons.
Setting MFA and Passkeys authentication for them is part of the discussion. Some people like to have them completely free, while others include them in the most secure configurations. Well, to be honest, I prefer the free option, as it can cover MFA or Passkeys problems without being compromised. But, as I said, the discussion is there as different ways of thinking.