You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
You plan to create an emergency-access administrative account named Emergency1. Emergency1 will be assigned the Global administrator role in Azure AD. Emergency1 will be used in the event of Azure AD functionality failures and on-premises infrastructure failures.
You need to reduce the likelihood that Emergency1 will be prevented from signing in during an emergency.
What should you do?
- Configure Azure Monitor to generate an alert if Emergency1 is modified or signs in.
- Require Azure AD Privileged Identity Management (PIM) activation of the Global administrator role for Emergency1.
- Configure a conditional access policy to restrict sign-in locations for Emergency1 to only the corporate network.
- Configure a conditional access policy to require multi-factor authentication (MFA) for Emergency1.