Attic helps you set up a Break Glass Account and monitor its use.
What is a Break Glass Account?
A Break Glass Account is used for emergency access, and is therefore also called an Emergency Access account.
The emergency in question is a situation in which, for whatever reason, it is no longer possible to log in with any account that has administrative rights. For example, the other admin accounts are locked after incorrect login attempts, or their MFA method does not work.
The Break Glass Account is therefore an account with administrative rights, with which access to the Microsoft 365 environment can be restored.
Multi-Factor Authentication
In the past, the Break Glass Account was kept free of MFA, precisely so that it could serve as a backup when MFA methods (via SMS, for example) do not work. Under the new Microsoft guidelines, which will become active in October 2024, the Break Glass Account will also need an MFA method to be useful.
It is important to choose an MFA method that is resistant to phishing and is also easily interchangeable. The best option that meets this requirement is a FIDO2 security key, such as a YubiKey.
Monitoring using Sentinel Add-on
Because the Break Glass Account is intended only for emergency situations, in principle it should never be used. This makes it easy to monitor for improper use: for tenants that use the Attic Sentinel Add-on, Attic will sound the alarm every time the Break Glass Account is used. If the use is legitimate, handling such an alarm takes little effort.
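The kind of check described above can be expressed as a Microsoft Sentinel query over the Entra ID sign-in tables. This is an added example, not Attic's own detection rule; the account name is a placeholder and the one-hour window is an assumption to match to your rule schedule.

```kusto
// Added example, not Attic's rule: report every sign-in attempt by a Break Glass Account.
// The UPN below is a placeholder; replace it with your own emergency access account(s).
let BreakGlassAccounts = dynamic(["breakglass@contoso.onmicrosoft.com"]);
// Cover interactive and non-interactive sign-ins; isfuzzy tolerates a table
// that is not (yet) being collected in the workspace.
union isfuzzy=true SigninLogs, AADNonInteractiveUserSignInLogs
| where TimeGenerated > ago(1h)              // assumed window, align with the rule frequency
| where UserPrincipalName in~ (BreakGlassAccounts)
// ResultType "0" is a successful sign-in; anything else is an error code.
// Failed attempts are kept on purpose: nobody should be trying this account at all.
| extend ResultCode = tostring(ResultType)
| extend Outcome = iff(ResultCode == "0", "Success", "Failure")
| summarize
    Attempts  = count(),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated),
    Apps      = make_set(AppDisplayName, 20)
    by UserPrincipalName, IPAddress, Outcome, ResultCode
| order by LastSeen desc
```

Any row returned is worth an alert, since the account should produce no sign-in activity outside an emergency or a planned test.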