Protecting Breakglass account with 3rd party MFA?
Hi,
As recommended by Microsoft, we have configured our tenant to enforce a Conditional Access policy for all our Global admin accounts, except for an account that we will use only in a situation where the other global admin accounts would not be able to sign in. As recommended, this "breakglass" account is a cloud account, its UPN uses the onmicrosoft.com domain, and it is excluded from all Conditional Access policies, especially the one that enforces MFA for global admins.
I'm trying to find some ways to protect this breakglass account. For now, all I've done is configure the Azure AD logs export to Azure Log Analytics and use Log Analytics to query the Azure AD sign-in logs every 5 minutes to see if the breakglass account has signed in. If this happens, an alert is sent by email and SMS to the IT admins so that they can react quickly if the account has been compromised. Of course, we've configured a complex password as well, which is known by almost no one.
What I would like to do now is to configure another MFA solution for this account. By that I mean that every standard user would use Azure MFA based on the Conditional Access policy, but I would also integrate a 3rd party MFA solution to be used specifically by the breakglass account. I don't know if this is possible. If not, what else should I do to better secure this sensitive account?
Any idea is welcome!
Thanks
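The 5-minute sign-in check described in the post, written out as a Log Analytics (KQL) scheduled alert query. This is an added example, not a query from the original post; the break-glass UPN is a placeholder, and it assumes the Azure AD diagnostic settings export both SigninLogs and AADNonInteractiveUserSignInLogs to the workspace. It goes slightly beyond the post's check in two ways: it also covers non-interactive sign-ins, which land in a separate table, and it reports failed attempts as well as successes, since repeated failures against this account are themselves worth paging on.

```kusto
// Constructed example: fire on any sign-in attempt, successful or not,
// by the break-glass account within the alert window.
// Replace the placeholder UPN with the real account; keep the list to
// allow for a second break-glass account if one exists.
let BreakGlassUPNs = dynamic(["breakglass@contoso.onmicrosoft.com"]);
// Match the alert rule: run every 5 minutes, look back 5 minutes.
let lookback = 5m;
// isfuzzy=true keeps the query valid even if the non-interactive table
// has not been exported (yet).
union isfuzzy=true SigninLogs, AADNonInteractiveUserSignInLogs
| where TimeGenerated > ago(lookback)
| where UserPrincipalName in~ (BreakGlassUPNs)
// ResultType "0" is a successful sign-in; anything else is an error code.
| extend Outcome = iff(ResultType == "0", "Success", strcat("Failure (", ResultType, ")"))
| project TimeGenerated,
          UserPrincipalName,
          Outcome,
          IPAddress,
          Location,
          AppDisplayName,
          // Shows "singleFactorAuthentication" for a CA-excluded account,
          // which is useful context in the alert notification.
          AuthenticationRequirement,
          ConditionalAccessStatus
| order by TimeGenerated desc
```

Use the query in a scheduled alert rule with a 5-minute frequency and a 5-minute period, and a threshold of "number of results greater than 0", so that a single row is enough to trigger the email/SMS action group. Because the account is excluded from Conditional Access, every row will show single-factor authentication, so the IP address, location and application columns are the fields that tell responders whether the sign-in was the expected emergency use or something to act on.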