06-14-2018 11:19 PM
06-15-2018 12:58 AM
In our corporate case, we have only dedicated admin accounts per "User Admin" similar to adm_userLogin created on the internal AD Domain and synched to AAD
Each of those accounts are not associated with any Office 365 licenses and the Admin permission are given depending of the technology knowledge (Exchange, SP, …)
Those account don't have the MFA enable anyway to not fight with the multiple authentification issues.
06-15-2018 01:01 AM
E.g we have one "master account" to manage our Azure subscriptions. We are several people that need to login on this to manage the subscriptions.
Also our Sharepoint guys need to share an account for working with Flow, where they need one account to create flows.
06-15-2018 01:11 AM
The case is the same here (more than 50'000 employees), so we are splitting the roles as following:
The situation was quite acceptable in the past because the isolation was ok, but with the new Office Group positioning, that is less and less sustainable.
From what I understood the dedicated admin will be removed and the admin permission will be transferred only to the support team.
Some other aspect are pushing us in that directly with the GPDR regulations, the US and SG regulations, …
So we will continue with that separation of account for Admin and support as explained before but the associated role will probably change a little bit.
About the developers case, we have that question for Flows & PowerApp but also for PowerBI dev and we defined to create shared service accounts (without MFA) delivered to the "Publisher", the developer will work into dedicated space (site collection or groups/teams)
Hope that will help you.
06-15-2018 10:15 AM
You can configure some desk phone (or even VOIP number) as the auth number, and handle the 2FA challenge. Alternatively, you can configure MFA bypass based on "trusted IPs". Using a GA without MFA is a bad practice, however secure you think the password is (even ignoring the fact you are sharing the password between several people).
by finsfree on May 27, 2020
by Adam Weldon-Ming on May 20, 2020
by River1045 on October 30, 2019
by Scott Schnoll on November 27, 2019
by Tom Batcheler on October 09, 2017
by Anne Michels on September 26, 2017