Event details
JaySimmons
Microsoft
MicrosoftWe are planning the new GUI only for onprem AD password retrieval. In theory one could be done for AAD\Entra but those products have mgmt portals which already make it easy.
It’s definitely not a streamlined process though. For a helpdesk person who does this dozens of times a day (we have pretty locked-down student devices so almost every incident requires an elevation) it’s a real pain. Would it be possible to make something similar with Graph API?
- Shouldn't the helpdesk people have their own privileged accounts? I generally try to discourage using local admin accounts unless it's truly necessary.
- JaySimmonsIn the end the decision is up to the customer, but there are some good reasons for using local accounts for a helpdesk\break-glass style situation. One benefit is that if you are concerned that the device might be compromised, you are not making things any worse by authenticating to it with a local account that already belongs to that device (blast-area-reduction measure as it's sometimes described).
- Good points to consider. Thanks!
- JaySimmonsHi Chris yes a fat GUI to retrieve passwords could be built on top of Graph API with modern auth, no problem. Appreciate your feedback, will add it to my list for consideration.
