crocosoft Your comment is the exact reason we found our way to this article. I don't want to type in my high privilege administrator password when accessing servers, but the only other option appears to be complex smartcard login setups with a PKI or WHfB. Even if I was willing to entertain the smartcard route, I'm having a very difficult time understanding how this would be configured for us with RDP. WHfB seems like the simpler/smarter solution here, but we're not supposed to sync high privilege admin accounts to Azure.
My thought is to sync the high privilege accounts to Azure, give them an Entra ID P1 license and use Conditional Access to ensure where and how they log in is very limited. Even with this, we're still syncing these accounts to Azure.
We're a small company and don't have thousands of dollars to spend on a third-party solution to manage this issue and the complexity this sort of setup introduces may make our environment less, not more, secure. What's the best practice for companies in our situation?