Identity Protection: emergency access and break glass


Introduction

Any organization may need an emergency access account in Azure Active Directory, for many difficult situations including, but NOT limited to:

  • The administrator is registered with Azure Multi-Factor Authentication (MFA) and all of their personal devices are unavailable or even stolen 🙁
  • All synchronized accounts with admin access are deleted and/or disabled by a malicious attack
  • Unforeseen situations such as natural disasters: earthquakes, fire outbreaks, etc.
  • Mobile service is NOT available from the Internet service provider (ISP)
In case of emergency: use the emergency account.

Emergency account characteristics

 An emergency access account is a highly privileged, cloud-only Azure AD user account that we'll use only in an emergency.

  • Create two or more emergency access accounts. These accounts should be cloud-only accounts that use the @pioneers101.onmicrosoft.com domain and NOT @networkspioneers.com.
  • An emergency account should have the following characteristics:
      • permanently assigned the Global Administrator Azure AD role
      • configured with a non-expiring password
      • excluded from Azure MFA policies
      • excluded from Conditional Access and Identity Protection policies
      • not made merely eligible to activate the Global Administrator role via Azure AD Privileged Identity Management (PIM); the assignment is permanent
      • a password that is at least 16 characters long and generated (pseudo)randomly
      • not associated with any individual person at your organization
      • a complex password, preferably split into two parts, stored in envelopes at two different secure locations in fireproof safes
  • Monitor break glass accounts in the Azure AD sign-in logs and audit logs and act on any unexpected activity.
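The password rules above (at least 16 random characters, complex, split into two parts for two envelopes) are easy to get subtly wrong by hand, so here is an added example of how to generate and split such a password. This is illustrative code written for this article, not anything from Microsoft or Azure AD; the character set, the 32-character default and the two split schemes are assumptions. The half-split matches the article's "split into two parts" literally; the XOR split is an added alternative in which neither envelope reveals anything about the password on its own.

```python
import secrets
import string
from typing import Tuple

# Assumed character set; it covers the four classes most complexity
# policies require (lower, upper, digit, symbol).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"
MIN_LENGTH = 16  # minimum length recommended in the article


def password_meets_policy(password: str) -> bool:
    """Check the length and complexity rules the article recommends."""
    return (len(password) >= MIN_LENGTH
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


def generate_break_glass_password(length: int = 32) -> str:
    """Return a password drawn from the OS CSPRNG via `secrets`.

    Candidates missing any character class are rejected and redrawn, so
    the result always satisfies password_meets_policy().
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if password_meets_policy(candidate):
            return candidate


def split_halves(password: str) -> Tuple[str, str]:
    """Literal two-envelope split: first half / second half.

    Simple to recombine by hand, but each envelope leaks half the secret.
    """
    mid = len(password) // 2
    return password[:mid], password[mid:]


def join_halves(part1: str, part2: str) -> str:
    return part1 + part2


def split_xor(password: str) -> Tuple[str, str]:
    """Two-envelope XOR split: one envelope holds a random pad, the other
    holds password XOR pad. Either envelope alone is indistinguishable from
    random bytes, so a single compromised safe reveals nothing.
    """
    raw = password.encode("utf-8")
    pad = secrets.token_bytes(len(raw))
    share = bytes(a ^ b for a, b in zip(raw, pad))
    return pad.hex(), share.hex()


def join_xor(pad_hex: str, share_hex: str) -> str:
    pad = bytes.fromhex(pad_hex)
    share = bytes.fromhex(share_hex)
    return bytes(a ^ b for a, b in zip(pad, share)).decode("utf-8")


if __name__ == "__main__":
    pw = generate_break_glass_password()
    env1, env2 = split_xor(pw)
    print("envelope 1 (pad):  ", env1)
    print("envelope 2 (share):", env2)
    assert join_xor(env1, env2) == pw
```

The trade-off is operational: the XOR split is stronger against theft of one envelope, but recombining it needs a working computer and the two hex strings typed in correctly, which may not be available in exactly the situations listed in the introduction. The half-split can be reassembled by reading two slips of paper. Pick the scheme that matches the emergencies you are planning for, and test the retrieval procedure before you need it.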

Audit emergency account

Organizations should monitor sign-in and audit log activity from the emergency accounts and trigger notifications to other administrators.

When you monitor the activity on break glass accounts, you can verify these accounts are only used for testing or actual emergencies.

You can use Azure Log Analytics to monitor the sign-in logs and trigger email and SMS alerts to your admins whenever break glass accounts sign in.
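The detection logic behind such an alert is small: any sign-in attempt by a break glass account is worth a notification, whether it succeeded or not. The example below is added for this article and is not Microsoft's code; it runs the check over a few constructed records shaped like Azure AD SigninLogs rows exported to Log Analytics (the account names, IP addresses and field values are made up; `ResultType` "0" is success and the non-zero value is a constructed failure code).

```python
import json
from typing import Dict, List, Set

# Constructed sample rows, NOT real logs; only the fields this check reads.
SAMPLE_SIGNIN_LOGS = """
{"TimeGenerated": "2024-03-01T08:15:02Z", "UserPrincipalName": "alice@pioneers101.onmicrosoft.com", "IPAddress": "203.0.113.10", "AppDisplayName": "Azure Portal", "ResultType": "0", "ConditionalAccessStatus": "success"}
{"TimeGenerated": "2024-03-01T08:17:44Z", "UserPrincipalName": "breakglass01@pioneers101.onmicrosoft.com", "IPAddress": "198.51.100.7", "AppDisplayName": "Azure Portal", "ResultType": "0", "ConditionalAccessStatus": "notApplied"}
{"TimeGenerated": "2024-03-01T09:02:10Z", "UserPrincipalName": "BreakGlass02@pioneers101.onmicrosoft.com", "IPAddress": "192.0.2.55", "AppDisplayName": "Azure Portal", "ResultType": "50126", "ConditionalAccessStatus": "notApplied"}
{"TimeGenerated": "2024-03-01T09:30:00Z", "UserPrincipalName": "bob@networkspioneers.com", "IPAddress": "203.0.113.11", "AppDisplayName": "Office 365 Exchange Online", "ResultType": "0", "ConditionalAccessStatus": "success"}
"""

# The accounts to watch (constructed names). Kept lower-case because UPN
# matching should be case-insensitive.
BREAK_GLASS_UPNS: Set[str] = {
    "breakglass01@pioneers101.onmicrosoft.com",
    "breakglass02@pioneers101.onmicrosoft.com",
}


def parse_signin_logs(text: str) -> List[Dict]:
    """Parse newline-delimited JSON rows, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_break_glass_signins(records: List[Dict], watched: Set[str]) -> List[Dict]:
    """Return one alert per sign-in attempt by a watched account.

    Failures are reported as well as successes: the accounts are excluded
    from MFA and Conditional Access, so a failed attempt may be someone
    guessing at the credential and deserves the same attention.
    """
    alerts = []
    for rec in records:
        upn = str(rec.get("UserPrincipalName", "")).lower()
        if upn not in watched:
            continue
        result = str(rec.get("ResultType", ""))
        alerts.append({
            "time": rec.get("TimeGenerated"),
            "account": upn,
            "ip": rec.get("IPAddress"),
            "app": rec.get("AppDisplayName"),
            "outcome": "success" if result == "0" else f"failure ({result})",
            "severity": "high",
        })
    return alerts


def format_alert(alert: Dict) -> str:
    """One line suitable for an email or SMS body."""
    return (f"[{alert['severity'].upper()}] break glass sign-in {alert['outcome']}: "
            f"{alert['account']} from {alert['ip']} to {alert['app']} at {alert['time']}")


if __name__ == "__main__":
    rows = parse_signin_logs(SAMPLE_SIGNIN_LOGS)
    for alert in find_break_glass_signins(rows, BREAK_GLASS_UPNS):
        print(format_alert(alert))
```

In Log Analytics the same filter is a KQL query over the `SigninLogs` table, for example `SigninLogs | where UserPrincipalName in~ ("breakglass01@pioneers101.onmicrosoft.com", "breakglass02@pioneers101.onmicrosoft.com")`, wired to an alert rule whose action group emails and texts the other administrators. Whichever form you use, notify people other than whoever holds the envelopes, so that a sign-in nobody planned is seen by someone who can challenge it.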
