Forum Discussion
Security Defaults and Break Glass Account
I have an O365 tenant and am considering enabling Security Defaults. The documentation says that this will require MFA for all administrator accounts.
Microsoft also recommends setting up a "break-glass" administrator account that does not have MFA enabled.
I can't find anywhere how to set up a "break-glass" account without MFA and also have Security Defaults enabled. Does anyone know?
5 Replies
- I didn’t think of TAP which is a great feature. This is a workaround.
https://janbakker.tech/break-glass-accounts-and-azure-ad-security-defaults/
- John Twohig, Iron Contributor
No. Conditional Access doesn't help.
According to:
https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide
"You can use either security defaults or Conditional Access policies, but you can't use both at the same time."
- BenStegink, Iron Contributor
John Twohig, you’re 100% right in noticing this contradiction with security defaults and break glass accounts in the documentation from Microsoft. Unfortunately, like you noticed, there isn’t any way to use security defaults and have a break glass account that’s excluded from MFA that I’m aware of.