You need to reduce the likelihood that Emergency1 will be prevented from signing in during an emergency. What should you do?

Posted on by Leave a comment

You have a Microsoft 365 tenant.

The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.

You plan to create an emergency-access administrative account named Emergency1. Emergency1 will be assigned the Global administrator role in Azure AD. Emergency1 will be used in the event of Azure AD functionality failures and on-premises infrastructure failures.

You need to reduce the likelihood that Emergency1 will be prevented from signing in during an emergency.

What should you do?

  • Configure Azure Monitor to generate an alert if Emergency1 is modified or signs in.
  • Require Azure AD Privileged Identity Management (PIM) activation of the Global administrator role for Emergency1.
  • Configure a conditional access policy to restrict sign-in locations for Emergency1 to only the corporate network.
  • Configure a conditional access policy to require multi-factor authentication (MFA) for Emergency1.

Leave a comment