
Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance.

For administrative access at all times and under all circumstances, Microsoft recommends creating at least one emergency access account in Azure Active Directory when an organization has Azure AD Premium P1 and/or Azure AD Premium P2 licenses assigned to its users and admins.

An organization might need to use an emergency access account in Azure Active Directory when:

User accounts for people in the organization and other privileged access are federated, and the federation implementation becomes unavailable.

The challenge with emergency access accounts

The challenge with emergency access accounts is that they have the highest privileges in Azure Active Directory (and beyond) through the Global Administrator role, and they are not assigned to specific people in the organization (they are not 'named accounts'). Of course, to meet all emergency situations, these accounts are not governed by any Conditional Access policy: they don't require multi-factor authentication when signing in and they're not limited to certain locations or device specifics.

As these accounts only live in Azure Active Directory and typically have a username that ends in *., sign-ins for these accounts typically don't end up in on-premises Security Incident and Event Management (SIEM) implementations, either.

As a result, emergency access to Azure AD is a blind spot in many organizations.

To avoid misuse of the emergency access account(s), a good solution would be to have people notified when the account is used to sign in.
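As an added illustration of the notification idea (example code written for this page, not code from the original article or from Microsoft), the script below runs detection logic over a few constructed Azure AD sign-in records and produces an alert for every sign-in attempt, successful or failed, that targets an emergency access account. The account names, tenant name, IP addresses and log records are made-up sample data; the field names (UserPrincipalName, ResultType, IPAddress, AppDisplayName, ConditionalAccessStatus) are assumed to follow the SigninLogs table schema that Azure AD exports to a Log Analytics workspace.

```python
"""Flag sign-ins by emergency access ("break-glass") accounts in Azure AD
sign-in log records so that the right people can be notified.

Illustrative example, not the article's own code. Account names, tenant
name and log records below are constructed sample data.
"""
import json
from typing import Dict, Iterable, List, Set

# Constructed: the user principal names of the organization's emergency
# access accounts (in real life, read these from a protected config store).
EMERGENCY_ACCOUNT_UPNS: Set[str] = {
    "breakglass1@contoso.onmicrosoft.com",
    "breakglass2@contoso.onmicrosoft.com",
}

# Constructed sample records shaped like the SigninLogs table (assumed
# schema). ResultType "0" means the sign-in succeeded; any other value is a
# failure code. The second record is a normal user and must be ignored.
SAMPLE_SIGNIN_LOGS: List[Dict] = [
    {"TimeGenerated": "2023-05-01T02:14:07Z",
     "UserPrincipalName": "breakglass1@contoso.onmicrosoft.com",
     "ResultType": "0", "ResultDescription": "",
     "IPAddress": "203.0.113.10", "AppDisplayName": "Azure Portal",
     "ConditionalAccessStatus": "notApplied"},
    {"TimeGenerated": "2023-05-01T08:30:11Z",
     "UserPrincipalName": "alice@contoso.com",
     "ResultType": "0", "ResultDescription": "",
     "IPAddress": "192.0.2.44", "AppDisplayName": "Office 365 Exchange Online",
     "ConditionalAccessStatus": "success"},
    {"TimeGenerated": "2023-05-01T23:58:40Z",
     "UserPrincipalName": "BreakGlass2@contoso.onmicrosoft.com",
     "ResultType": "50126", "ResultDescription": "Invalid username or password",
     "IPAddress": "198.51.100.7", "AppDisplayName": "Azure Portal",
     "ConditionalAccessStatus": "notApplied"},
]


def emergency_signin_alerts(records: Iterable[Dict],
                            emergency_upns: Set[str] = EMERGENCY_ACCOUNT_UPNS
                            ) -> List[Dict]:
    """Return one alert per sign-in attempt against an emergency account.

    UPN comparison is case-insensitive because Azure AD treats UPNs that way.
    Failed attempts are reported too: someone guessing the password of a
    break-glass account is at least as interesting as a real emergency.
    """
    watched = {upn.lower() for upn in emergency_upns}
    alerts = []
    for rec in records:
        upn = (rec.get("UserPrincipalName") or "").lower()
        if upn not in watched:
            continue
        alerts.append({
            "time": rec.get("TimeGenerated", ""),
            "upn": upn,
            "success": str(rec.get("ResultType", "")) == "0",
            "result": rec.get("ResultDescription") or "Success",
            "ip": rec.get("IPAddress", ""),
            "app": rec.get("AppDisplayName", ""),
            # Break-glass accounts are excluded from Conditional Access, so
            # this is expected to read "notApplied"; record it for the analyst.
            "conditional_access": rec.get("ConditionalAccessStatus", ""),
        })
    return alerts


def alerts_from_json_lines(text: str) -> List[Dict]:
    """Convenience wrapper for an export where each line is one JSON record."""
    records = [json.loads(line) for line in text.splitlines() if line.strip()]
    return emergency_signin_alerts(records)


def format_notification(alert: Dict) -> str:
    """Render one alert as the single-line message a notification would carry."""
    outcome = "SUCCESSFUL" if alert["success"] else "FAILED"
    return (f"[{alert['time']}] {outcome} sign-in for emergency account "
            f"{alert['upn']} from {alert['ip']} to {alert['app']} "
            f"({alert['result']}; Conditional Access: {alert['conditional_access']})")


if __name__ == "__main__":
    for alert in emergency_signin_alerts(SAMPLE_SIGNIN_LOGS):
        print(format_notification(alert))
```

Run stand-alone, the script prints two notification lines (one successful sign-in, one failed attempt) and stays silent about the ordinary user. In a real tenant the same condition (UserPrincipalName in the set of emergency accounts) is what you would put in a scheduled alert rule over the SigninLogs table, with an action group that e-mails or pages the security team.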