Will MFA be required on Break Glass accounts

Terry Blake 0 Reputation points
2024-09-03T17:29:03.2233333+00:00

We have setup Break Glass access in the event our main accounts are compromissed and we are locked out. Will the new MFA reuiements apply to thise accounts

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
830 questions
{count} votes

2 answers

Sort by: Most helpful
  1. akinbade abiola 18,305 Reputation points
    2024-09-03T17:36:08.7866667+00:00

    Hello Terry Blake,

    Thanks for your question.

    Yes, Break glass or emergency access accounts are also required to sign in with MFA once enforcement begins. We recommend updating these accounts to use passkey (FIDO2) or configure certificate-based authentication for MFA. Both methods satisfy the MFA requirement.

    See: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mandatory-multifactor-authentication#applications

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola


  2. Terry Blake 0 Reputation points
    2024-09-09T16:52:23.41+00:00

    We have additional concerns for the MFA requirements. Currently we have CA rules in place and have created exceptions to MFA enforcement for Service mailboxes. with Delegated users. Will this over ride the MFA exceptions by the new MFA enforced policy effective Oct 15th- 2024?


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.