Best Practices for Granting Azure Access to External Support Vendors

Asked By TechWanderer42 On

I'm trying to figure out how to securely give an external vendor access to configure Azure resources. They have remote workers who need to access these resources using a guest account from a different tenant, but here's the catch: they can't use multi-factor authentication (MFA) because the account needs to be open for any team member to access, and their support staff is spread out across various locations. What's the best way to set this up while ensuring security?

4 Answers

Answered By SecureAdmin88 On

It's actually risky to allow a shared account without MFA. I recommend pushing for MFA and suggesting they use modern password managers that support it for their team members. If they struggle with this setup, it raises serious questions about how they handle other sensitive accesses. In our setup, we only allow named contacts and require that guests be added to the tenant for access.

Answered By VendorVigilant On

Before proceeding, consider discussing with the vendor the importance of a secure setup. Relying on shared credentials is a huge risk, especially for support roles that need access. Shared accounts really limit your audit trails, and I suggest ensuring that they know about proper setups for guest accounts. If they don’t know how to manage MFA, you may want to think twice about continuing that partnership.

Answered By CloudGuru99 On

I think giving each remote worker their own guest account is a much better approach! This way, you ensure non-repudiation and proper tracking. You can configure conditional access to require MFA and use Privileged Identity Management (PIM) to enforce activation and time limits on their access to roles. This setup offers much more security and control.

Answered By AzureNinja77 On

The ideal way to do this is by inviting them as external users instead of giving shared access. If they are unfamiliar with how to implement MFA or share TOTP codes, it might be time to rethink your relationship. Plus, using tools like Entra Identity Governance can help manage onboarding through access packages, making it a smoother and more secure process.
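
The answers above recommend individual guest accounts with Conditional Access requiring MFA. As an added example (not code from any poster), this sketch audits exported Conditional Access policies to confirm that guest MFA is actually enforced rather than report-only or bypassable. The policy names and sample data are constructed, and the check assumes policies exported as JSON in the Microsoft Graph `conditionalAccessPolicy` shape; it does not evaluate application scope, authentication strengths or per-type guest exclusions.

```python
# Audit exported Conditional Access policies for enforced guest MFA.
# Field names follow Microsoft Graph conditionalAccessPolicy; data is constructed.
def covers_guests(users):
    """True if the policy's user scope includes guest/external users."""
    if "GuestsOrExternalUsers" in (users.get("excludeUsers") or []):
        return False
    include = set(users.get("includeUsers") or [])
    return bool(include & {"All", "GuestsOrExternalUsers"}
                or users.get("includeGuestsOrExternalUsers"))

def mfa_is_mandatory(grant):
    """True only if MFA cannot be skipped by satisfying another control."""
    controls = grant.get("builtInControls") or []
    if "mfa" not in controls:
        return False  # authenticationStrength grants are not evaluated here
    # With operator "OR", any one listed control satisfies the policy.
    return grant.get("operator") == "AND" or len(controls) == 1

def audit(policies):
    """Return {'enforced': [names], 'gaps': {name: reason}} for guest-scoped policies."""
    result = {"enforced": [], "gaps": {}}
    for p in policies:
        if not covers_guests(p.get("conditions", {}).get("users", {})):
            continue
        name = p.get("displayName", "<unnamed>")
        if p.get("state") != "enabled":
            result["gaps"][name] = f"state is {p.get('state')}, not enforced"
        elif not mfa_is_mandatory(p.get("grantControls") or {}):
            result["gaps"][name] = "MFA is absent or can be bypassed via OR"
        else:
            result["enforced"].append(name)
    return result

SAMPLE_POLICIES = [  # constructed sample, not from a real tenant
    {"displayName": "Guests-MFA-pilot", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["GuestsOrExternalUsers"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "All-users-MFA-or-compliant", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}},
    {"displayName": "Vendor-guests-require-MFA", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["GuestsOrExternalUsers"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Members-only-MFA", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["GuestsOrExternalUsers"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
]

if __name__ == "__main__":
    print(audit(SAMPLE_POLICIES))
```

On the constructed sample, only the third policy counts as enforced guest MFA; the pilot policy is report-only, and the "MFA or compliant device" policy lets a sign-in through without MFA.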
