Organizations that provision break-glass access in Azure Active Directory (Azure AD) should use native tools to ensure continued administrative access.
Password vaulting or multifactor authentication (MFA) can then secure that access against accidental or malicious use. This piece explains the primary options to consider and pitfalls to avoid when creating a break-glass capability in
Break-glass access is a resiliency tactic that preserves privileged and administrative access during an outage or other availability impact. The cause can be a personnel issue, for example, when the individual who normally performs these tasks and holds
administrative access in the Azure tenant becomes unreachable or unavailable. More often, the cause is an outage in primary or secondary authentication: the identity provider is down, so the primary credentials of normal administrators cannot be used,
or the MFA service is down, so their secondary credentials cannot be used. Because accidents happen, it is important to have a backup set of privileged credentials that does not depend on those services.
A break-glass credential is unused except in case of emergency. The account must be a shared account and it must not belong to one individual. In fact, the two-person rule – where access requires the presence of two authorized people, and no one
person can achieve access alone – is typically part of the break-glass model.
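As an added example (not code from the original post), the following shows one way to implement the two points above in working code: the two-person rule is enforced by splitting the break-glass password into custodian shares so that no single custodian can reconstruct it, and because the credential is unused except in an emergency, any sign-in attempt on the account is treated as an alert. The share scheme (Shamir secret sharing over GF(2^8), threshold 2 of 3, so the loss of one custodian does not lose the credential), the account name and the sign-in record layout are assumptions made for this illustration.

```python
"""Two-person rule and use-monitoring for an Azure AD break-glass credential.

Added example, not code from the original IANS post. The share scheme
(Shamir secret sharing over GF(2^8), threshold 2 of 3), the account name
and the sign-in log shape below are assumptions chosen for illustration.
"""
import secrets
import string

# ---- GF(2^8) arithmetic (AES reduction polynomial x^8 + x^4 + x^3 + x + 1) ----

def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """Multiplicative inverse via a^(2^8 - 2); a must be non-zero."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r

# ---- Shamir split / recover ----

def split_secret(secret: bytes, threshold: int, custodians: int) -> dict:
    """Return {custodian_x: share_bytes}. Any `threshold` shares recover the
    secret; fewer shares reveal nothing about it (each byte is masked by a
    uniformly random polynomial coefficient)."""
    assert 1 < threshold <= custodians < 256
    shares = {x: bytearray() for x in range(1, custodians + 1)}
    for byte in secret:
        # Polynomial of degree threshold-1 whose constant term is the secret byte.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(threshold - 1)]
        for x in shares:
            y, xp = 0, 1
            for c in coeffs:
                y ^= gf_mul(c, xp)
                xp = gf_mul(xp, x)
            shares[x].append(y)
    return {x: bytes(s) for x, s in shares.items()}

def recover_secret(shares: dict) -> bytes:
    """Lagrange interpolation at x = 0 over the supplied custodian shares."""
    xs = list(shares)
    length = len(next(iter(shares.values())))
    out = bytearray()
    for pos in range(length):
        acc = 0
        for xi in xs:
            num = den = 1
            for xj in xs:
                if xj != xi:
                    num = gf_mul(num, xj)
                    den = gf_mul(den, xj ^ xi)  # subtraction is XOR in GF(2^8)
            acc ^= gf_mul(shares[xi][pos], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)

def generate_break_glass_password(length: int = 32) -> str:
    """Long random password; it is never typed, only reconstructed from shares."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

# ---- Monitoring: the account is unused except in an emergency ----

BREAK_GLASS_UPN = "bg-admin@contoso.example"  # hypothetical account name

# Constructed sample sign-in records, shaped like Azure AD sign-in log fields.
SAMPLE_SIGNIN_LOG = [
    {"userPrincipalName": "alice@contoso.example", "resultType": "0", "ipAddress": "203.0.113.10"},
    {"userPrincipalName": BREAK_GLASS_UPN, "resultType": "50126", "ipAddress": "198.51.100.7"},
    {"userPrincipalName": "bob@contoso.example", "resultType": "0", "ipAddress": "203.0.113.11"},
    {"userPrincipalName": BREAK_GLASS_UPN, "resultType": "0", "ipAddress": "198.51.100.7"},
]

def break_glass_alerts(records, upn=BREAK_GLASS_UPN):
    """Every sign-in attempt on the break-glass account, successful or not,
    is an alert: a failed attempt may be an attacker probing the account."""
    alerts = []
    for r in records:
        if r.get("userPrincipalName", "").lower() == upn.lower():
            code = r.get("resultType")
            outcome = "SUCCESS" if code == "0" else f"FAILURE({code})"
            alerts.append(f"break-glass sign-in {outcome} from {r.get('ipAddress')}")
    return alerts

if __name__ == "__main__":
    pw = generate_break_glass_password()
    shares = split_secret(pw.encode(), threshold=2, custodians=3)
    # Any two custodians recover the password; one custodian alone cannot.
    assert recover_secret({1: shares[1], 3: shares[3]}) == pw.encode()
    for alert in break_glass_alerts(SAMPLE_SIGNIN_LOG):
        print(alert)
```

Each custodian stores only their own share, ideally in a separate vault or sealed envelope, and the reconstructed password is rotated and re-split after every emergency use. The alert logic runs over whatever sign-in feed the tenant exports; the point is that it fires on any activity for the account, not only on successful sign-ins.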
There are three commonly used patterns for creating emergency administrative credentials:
When you provision the emergency credential in Azure AD as a global administrator account, consider:
The following are common mistakes to avoid with break-glass accounts:
Break-glass access is an important resiliency tactic. To ensure success, consider:
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
September 23, 2021
By IANS Faculty