I recently ran a disaster recovery test and used the emergency break glass account for Microsoft 365, but it got blocked because the sign-in came from an unfamiliar location. I want to know what extra settings or configurations I can implement to ensure this doesn't happen in a real emergency, while still keeping the account secure.
3 Answers
Check the sign-in logs to see what caused the block. Break glass accounts should be excluded from all conditional access policies except the ones specifically meant for them; it's usually tied to some risk-based policy.
Have you checked if you have security defaults or conditional access (CA) policies for risky sign-ins? If you have CA policies set up, make sure to exclude your break glass accounts from them.
Thanks. This is a great place to look.
I second the CA issue, but what we do is add a conditional access policy that restricts break glass accounts to only allow access from named locations – basically, we limit the IPs they can log in from to our main or branch office addresses.
I like this methodology. Thanks!
Yep, sounds like someone forgot to exclude it!
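Bringing the two recommendations together (exclude the break glass account from every general policy, then fence it to named locations), an added check that is not code from any of the posters: it audits an export of the tenant's Conditional Access policies for both conditions. It assumes the export is the `value` array returned by Microsoft Graph `GET /identity/conditionalAccess/policies`; the sample policies below are constructed and the ids are placeholders.

```python
# Constructed sample shaped like the "value" array from Microsoft Graph
# GET /identity/conditionalAccess/policies (trimmed); ids are placeholders.
BREAK_GLASS_ID = "11111111-2222-3333-4444-555555555555"
OFFICE_LOCATION_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # named location id
SAMPLE_POLICIES = [
    {"displayName": "Block medium/high sign-in risk", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []},
                    "signInRiskLevels": ["medium", "high"]},
     "grantControls": {"builtInControls": ["block"]}},
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"],
                              "excludeUsers": [BREAK_GLASS_ID]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Break glass: office IPs only", "state": "enabled",
     "conditions": {"users": {"includeUsers": [BREAK_GLASS_ID], "excludeUsers": []},
                    "locations": {"includeLocations": ["All"],
                                  "excludeLocations": [OFFICE_LOCATION_ID]}},
     "grantControls": {"builtInControls": ["block"]}},
]

def targets_user(policy, user_id):
    """Direct user scoping only: group/role includes and excludes are not
    expanded here, so resolve memberships via Graph before trusting a result."""
    users = policy["conditions"]["users"]
    if user_id in users.get("excludeUsers", []):
        return False
    included = users.get("includeUsers", [])
    return "All" in included or user_id in included

def is_break_glass_only(policy, user_id):
    return policy["conditions"]["users"].get("includeUsers") == [user_id]

def unexpected_policies(policies, user_id):
    """Enabled policies hitting the account that were not written for it;
    the bool flags risk-based ones, the usual cause of an unexpected block."""
    hits = []
    for p in policies:
        if p["state"] != "enabled" or not targets_user(p, user_id):
            continue
        if not is_break_glass_only(p, user_id):
            cond = p["conditions"]
            risk = bool(cond.get("signInRiskLevels") or cond.get("userRiskLevels"))
            hits.append((p["displayName"], risk))
    return hits

def has_location_fence(policies, user_id):
    """Enabled policy scoped only to the account that blocks all but named locations."""
    for p in policies:
        loc = p["conditions"].get("locations", {})
        if (p["state"] == "enabled" and is_break_glass_only(p, user_id)
                and "block" in p["grantControls"]["builtInControls"]
                and loc.get("includeLocations") == ["All"] and loc.get("excludeLocations")):
            return True
    return False
```

Run it against a real export and any name returned by `unexpected_policies` is a policy the account still needs to be excluded from; an empty result plus `has_location_fence` returning True is the state the third answer describes.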