Jump to content
OpenSecurity.global
  • Recently Browsing   0 members

    No registered users viewing this page.

Sign in to follow this  
Ian Chisholm

Office365/Azure admin accounts

Recommended Posts

Sooo.

We are obviously doing MFA, and microsoft is (soon) forcing MFA on O365 and Azure admin accounts anyway, But is anyone out there looking at Disaster Recovery policies and processes for when MFA goes belly up?

How do you plan to access those accounts and potentially grant non MFA access to users in an emergency for business continuity? We are using Azure MFA, not Duo, etc.

Good enough to force non cellphone related MFA?

Take the day off when this happens, as it did in Nov, 2018?

 

Share this post


Link to post

For me it's basically the same as what do you do if Office365 goes offline again - you wait for MS to fix it sadly.

  • Sad 2

Share this post


Link to post

I was SO hoping there would be something else!!!

Edited by Ian Chisholm

Share this post


Link to post
1 hour ago, Ian Chisholm said:

I was SO hoping there would be something else!!!

I guess you could have a break glass admin account outside of MFA policy - then use that to reconfigure things if things go wrong.  If you use Conditional Access I guess you could whitelist everything to bypass MFA then.

Share this post


Link to post

Aye, that’s Microsoft best practice advice. And don’t mirror MFA methods in case, for example, mobile network is down.

theres a decent link (below) but the MFA requirement is still there.

link: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-emergency-access

So I’ll add “and keep your fingers crossed” to the policy document!

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Members online now

    No members to show

×
×
  • Create New...

Important Information

We use cookies as we're cookie monsters. Privacy Policy