Forum Discussion
Protecting Breakglass account with 3rd party MFA?
Hi, As recommended by Microsoft, we have configured our tenant to enforce a Conditional Access policy for all our Global admin accounts BUT for an account that we will use only in case of a situa...
Protecting the break glass account with additional authentication security is something that causes great debate among my fellow consultants. One possible solution could be to use an OAuth token such as a Yubikey device. You could have a couple of break glass accounts, and get a couple of these tokens, give them to different people and get them to lock them away in a fire proof safe if they have access to one.
It is slightly annoying that Microsoft do suggest that you protect your break glass accounts with an alternative authentication, but do not provide best practice recommendations on how to do this.
