cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Remove MFA on Global Admin

Jeff Williams
Brass Contributor

‎Oct 18 2022 06:51 AM

‎Oct 18 2022 06:51 AM

Remove MFA on Global Admin

I came across and article, didnt save it. About best practices for MS security. It mentioned that MS actually recomends having a Global admin setup without MFA, for the purpose of being able to access the system if soehting happens to MFA.

 

Which seems to happen all the time for us, we have users who just seem to loose their MFA connection and we have to reset it.  

This would stink if it happened to our admin account.

Anyway, we use security default which seems to force MFA, my question is if there is a way to achieve this, and is this really a best practice? It sort of makes sense to me, but at the same time it doesnt really make sense.

2,400 Views
0 Likes
1 Reply
Reply
1 Reply
ChristianJBergstrom

‎Oct 18 2022 07:12 AM

‎Oct 18 2022 07:12 AM

Re: Remove MFA on Global Admin

With security default you enable MFA for all administrative account and require all users to set up for MFA and enforce MFA when Azure AD think it's necessary. I believe what you've been reading is about the "break glass" accounts that should be set up differently. This isn't possible using security defaults as you cannot use conditional access policies.
1 Like
Reply