Azure AD Directory Roles
Chad Cox edited this page Apr 5, 2022 · 2 revisions
- Can be two breakglass accounts
- Should be no more than 5 active user accounts
- No Service Principals
- My guidance is that a user who is in Global Admin should always be in Global Reader, and then elevate to Global Admin on the rare occasion it is needed.
- Exclude breakglass accounts from every Conditional Access policy
- Do not register any MFA except possibly FIDO2
- Change the password every 90 days and store it using a secure non-digital method.
- Should have at least two
Reference: Manage emergency access accounts in Azure AD
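The checklist above can be checked mechanically against exported tenant data. The following is an added example, not part of the original page: it audits dictionaries shaped like Microsoft Graph `directoryRole` member and `conditionalAccessPolicy` objects. The function name, the sample ids and the choice to count breakglass accounts toward the five-user limit are assumptions.

```python
# Added example: audit Graph-shaped data against the checklist on this page.
GA_MAX_ACTIVE_USERS = 5  # page: no more than 5 active user accounts
MIN_BREAKGLASS = 2       # page: should have at least two

# Constructed sample data (all ids are made up).
SAMPLE_MEMBERS = [
    {"@odata.type": "#microsoft.graph.user", "id": "bg-1", "accountEnabled": True},
    {"@odata.type": "#microsoft.graph.user", "id": "bg-2", "accountEnabled": True},
    {"@odata.type": "#microsoft.graph.user", "id": "admin-1", "accountEnabled": True},
    {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "sp-1"},
]
SAMPLE_POLICIES = [
    {"displayName": "Require MFA for admins",
     "conditions": {"users": {"excludeUsers": ["bg-1", "bg-2"]}}},
    {"displayName": "Block legacy auth",
     "conditions": {"users": {"excludeUsers": ["bg-1"]}}},
]

def audit_global_admin(members, policies, breakglass_ids, breakglass_group_ids=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    bg, bg_groups = set(breakglass_ids), set(breakglass_group_ids)
    if len(bg) < MIN_BREAKGLASS:
        findings.append(f"only {len(bg)} breakglass account(s), need {MIN_BREAKGLASS}")
    # No service principals in the role.
    for m in members:
        if m.get("@odata.type") == "#microsoft.graph.servicePrincipal":
            findings.append(f"service principal in Global Admin: {m['id']}")
    # Assumption: breakglass accounts count toward the active-user limit.
    active = [m["id"] for m in members
              if m.get("@odata.type") == "#microsoft.graph.user"
              and m.get("accountEnabled", True)]
    if len(active) > GA_MAX_ACTIVE_USERS:
        findings.append(f"{len(active)} active users in Global Admin, "
                        f"max {GA_MAX_ACTIVE_USERS}")
    # Every policy must exclude every breakglass account, directly or by group.
    for p in policies:
        users = (p.get("conditions") or {}).get("users") or {}
        if bg_groups & set(users.get("excludeGroups") or []):
            continue  # excluded through a dedicated breakglass group
        for uid in sorted(bg - set(users.get("excludeUsers") or [])):
            findings.append(f"policy '{p['displayName']}' does not exclude "
                            f"breakglass {uid}")
    return findings

if __name__ == "__main__":
    for finding in audit_global_admin(SAMPLE_MEMBERS, SAMPLE_POLICIES, ["bg-1", "bg-2"]):
        print(finding)
```

The checks for MFA registration and password rotation are left out because they depend on data the page does not describe.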