Forum Discussion
underQualifried
Sep 22, 2025 · Brass Contributor
MFA breakglass account recommendations?
Hi folks. Looking at the new Authentication Methods settings, and trying to consider the scenario where someone disables all of these methods by accident. We require MFA on all accounts (using the '...
TTAMungo
Sep 22, 2025 · Brass Contributor
You should still be able to configure MFA when they are excluded from CA Policies.
Microsoft recommends at least two cloud-only GA accounts, excluded from Conditional Access, secured with strong methods like FIDO2 keys. You still have access if MFA methods are accidentally disabled or CA is misconfigured: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/security-emergency-access
YubiKeys are generally the way to go.
Let me know if I didn't understand the question well and I'll try to give a better answer.
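
Added example, not part of the replies above: a small audit that checks whether each emergency-access account is really excluded from every Conditional Access policy that targets it. It assumes the policies were exported as JSON in the Microsoft Graph `conditionalAccessPolicy` shape; the function names, account IDs, group and role IDs, and policy names are constructed for illustration.

```python
# Added example: audit Conditional Access policies for break-glass exclusions.
# Policy dicts follow the Microsoft Graph conditionalAccessPolicy shape
# (state, conditions.users.includeUsers / excludeUsers / ...Groups / ...Roles).
# All IDs, names and policies below are constructed sample data.

def _hits(users, prefix, acct):
    """True if the policy's include* (or exclude*) lists match the account."""
    ids = set(users.get(prefix + "Users") or [])
    if acct["id"] in ids or (prefix == "include" and "All" in ids):
        return True
    if set(users.get(prefix + "Groups") or []) & set(acct["groups"]):
        return True
    return bool(set(users.get(prefix + "Roles") or []) & set(acct["roles"]))

def audit(policies, accounts):
    """Return sorted (policy, account) pairs where an emergency account is in scope."""
    findings = []
    for p in policies:
        if p.get("state") == "disabled":
            continue  # report-only policies are still checked: they may be enforced later
        users = p.get("conditions", {}).get("users", {})
        for a in accounts:
            if _hits(users, "include", a) and not _hits(users, "exclude", a):
                findings.append((p["displayName"], a["name"]))
    return sorted(findings)

# Constructed accounts: bg1 is in the exclusion group, bg2 was never added to it.
BG1 = {"name": "bg1", "id": "aaaa-1111", "groups": ["grp-breakglass"], "roles": ["role-ga"]}
BG2 = {"name": "bg2", "id": "bbbb-2222", "groups": [], "roles": ["role-ga"]}

POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"],
                              "excludeGroups": ["grp-breakglass"]}}},
    {"displayName": "Admins: compliant device",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeRoles": ["role-ga"],
                              "excludeUsers": ["aaaa-1111", "bbbb-2222"]}}},
    {"displayName": "Block legacy auth", "state": "disabled",
     "conditions": {"users": {"includeUsers": ["All"]}}},
]

if __name__ == "__main__":
    for policy, account in audit(POLICIES, [BG1, BG2]):
        print(f"{account} is NOT excluded from '{policy}'")
```

Running this kind of check after every policy change catches the case where a new policy targets all users and the exclusion for one of the emergency accounts was forgotten.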