This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 57.99999999999999%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW%3C/text%3E%3C/svg%3E)
Looking for best practice ideas to secure an elevated account used in scripts. MFA really isn't an option.
THX> Eric
Hi Wick.
You should never store credentials in plain text directly in scripts/config files. You should always use Azure AD apps / Service Principals.
MFA is the best practice, period. You can bypass the MFA requirement by whitelisting the IP address or using an AAD Joined device, while at the same time making sure that all external attempts will fail.
You can also use Azure Key Vault as your password repository, if you don't want to use MFA.