Dec 14 2022 12:44 PM
I have an O365 tenant and am considering enabling Security Defaults. The documentation says that this will require MFA for all administrator accounts.
Microsoft also recommends setting up a "break-glass" administrator account that does not have MFA enabled.
I can't find anywhere how to set up a 'break-glass" account without MFA and also have Security Defaults enabled. Does anyone know?
Dec 14 2022 04:34 PM
Dec 15 2022 07:35 AM
No. Conditional Access doesn't help.
According to:
Security defaults and Conditional Access - Microsoft 365 Business Premium | Microsoft Learn
"You can use either security defaults or Conditional Access policies, but you can't use both at the same time."
Dec 19 2022 05:51 AM
@John Twohig you’re 100% in noticing this contradiction with security defaults and break glass accounts in the documentation from Microsoft . Unfortunately, like you noticed, there isn’t any way to use security defaults and have a break glass account that’s excluded from MFA that I’m aware of.
Dec 20 2022 10:59 AM
Dec 21 2022 01:22 PM
SolutionDec 21 2022 01:22 PM
Solution