I'm curious about the best practice for creating Break Glass user accounts. Should I be using an email like [email protected], or is it better to go with [email protected]?
2 Answers
I agree! Microsoft suggests using the onmicrosoft.com domain for emergency access accounts. This helps ensure they are separate from your daily operations. Check out their guidelines for more info: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/security-emergency-access#create-emergency-access-accounts
Using onmicrosoft.com is a no-brainer for security!
Definitely go with the .onmicrosoft.com domain for your Break Glass accounts. That's the recommended way to keep them secure and isolated from your regular domain use.
Thanks for the link, that's super helpful!