This week, I implemented several critical security measures in Azure Active Directory (now Microsoft Entra ID) that every organization should consider. Let’s walk through the key implementations:
1. Break Glass Account Setup
Break glass accounts are emergency access accounts that help maintain access during identity system failures. Here’s how to set one up:
- Create a dedicated emergency access account
- Store credentials securely (I used a password manager)
- Exclude the account from Conditional Access policies, so that an MFA or device policy outage cannot lock it out as well
- Share access with the minimum number of administrators required
- Document the process and access procedures
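The account creation and role assignment steps above, as an added example using the Microsoft Graph PowerShell SDK (this is not code from the original post). The tenant domain, display name and user principal name are placeholders; the Global Administrator role template ID is the well-known value that is the same in every tenant. The generated password is shown once so it can be copied into the password manager, and the account's object ID is printed because that is the value Conditional Access exclusions reference.

```powershell
# Added example (not from the original post): create a cloud-only emergency
# access account and assign it Global Administrator via Microsoft Graph.
# Assumptions: tenant domain, display name and UPN below are placeholders.
Connect-MgGraph -Scopes "User.ReadWrite.All", "RoleManagement.ReadWrite.Directory"

$tenantDomain = "contoso.onmicrosoft.com"   # placeholder: use the tenant's initial .onmicrosoft.com domain
$upn          = "emergency-access-01@$tenantDomain"

# Long random password from a CSPRNG; Base64 output contains upper, lower, digits and symbols.
$bytes = New-Object byte[] 48
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$password = [Convert]::ToBase64String($bytes)

$user = New-MgUser -DisplayName "Emergency Access 01" `
    -UserPrincipalName $upn `
    -MailNickname "emergency-access-01" `
    -AccountEnabled `
    -PasswordProfile @{ Password = $password; ForceChangePasswordNextSignIn = $false }

# Global Administrator role template ID (well-known, identical in every tenant).
$globalAdminRoleId = "62e90394-69f5-4237-9190-012177145e10"
New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $user.Id `
    -RoleDefinitionId $globalAdminRoleId `
    -DirectoryScopeId "/"

# The object ID is what Conditional Access exclusions reference; keep it with the runbook.
Write-Host "Break glass account object ID: $($user.Id)"
# The password is not retrievable later: store it in the password manager, then clear the console.
Write-Host "Initial password: $password"
```

Run this from a session that is itself protected by MFA; the account it creates is deliberately cloud-only (no on-premises sync dependency) so that it still works when the federation or sync path is what has failed.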
2. Conditional Access for Admin Roles
I implemented stronger MFA controls for administrative roles:
- Created a dedicated CA policy scoped to admin roles
- Excluded only the break glass account
- Enforced MFA explicitly for these roles rather than relying on an ‘All Users’ policy
- Audited current admin accounts for MFA compliance
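The policy described above, as an added example built with the Microsoft Graph PowerShell SDK (not code from the original post). It assumes `$breakGlassObjectId` holds the object ID of the emergency access account (a placeholder here) and lists only the Global Administrator role template ID; other roles can be added from `Get-MgDirectoryRoleTemplate`. The policy is created in report-only mode first, the exclusion is verified before anything is enforced, and the final step covers the MFA audit of existing admin accounts.

```powershell
# Added example (not from the original post): Conditional Access policy requiring
# MFA for privileged directory roles, excluding only the break glass account.
# Assumptions: $breakGlassObjectId is a placeholder; only Global Administrator is listed.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess", `
                        "Application.Read.All", "UserAuthenticationMethod.Read.All"

$breakGlassObjectId = "00000000-0000-0000-0000-000000000000"   # placeholder: object ID of the emergency account

# Role template IDs can be listed with: Get-MgDirectoryRoleTemplate | Select-Object DisplayName, Id
$adminRoleIds = @(
    "62e90394-69f5-4237-9190-012177145e10"   # Global Administrator
)

$policy = @{
    displayName = "CA-Admins-Require-MFA"
    state       = "enabledForReportingButNotEnforced"   # switch to "enabled" after reviewing report-only results
    conditions  = @{
        users          = @{
            includeRoles = $adminRoleIds
            excludeUsers = @($breakGlassObjectId)      # the only exclusion
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Host "Created policy '$($created.DisplayName)' ($($created.Id)) in state $($created.State)"

# Verify the exclusion before the policy is ever enabled; a missing exclusion here
# is how an MFA policy ends up locking out the emergency account.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
if ($check.Conditions.Users.ExcludeUsers -notcontains $breakGlassObjectId) {
    throw "Break glass account is not excluded; do not enable this policy."
}

# Audit: administrators that are not yet registered for MFA (they will be blocked once the policy is enabled).
Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    Where-Object { $_.IsAdmin -and -not $_.IsMfaRegistered } |
    Select-Object UserPrincipalName, IsMfaRegistered, IsMfaCapable |
    Format-Table -AutoSize
```

Keeping the role list in a variable makes the scope of the policy reviewable in one place, and excluding by object ID rather than by UPN means a later rename of the emergency account cannot silently drop the exclusion.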
3. Legacy Authentication Control
To improve security posture:
- Created a Conditional Access policy in Report-Only mode
- Monitored for legacy auth usage
- Verified no active legacy auth dependencies
- Prepared for policy enforcement
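The monitoring and report-only policy steps above, as an added example using the Microsoft Graph PowerShell SDK (not code from the original post). It assumes `$breakGlassObjectId` is the emergency account's object ID (placeholder) and that the tenant's sign-in log retention covers the 30-day window queried. Legacy protocols are identified by excluding the two modern client types, so anything else that appears (Exchange ActiveSync, IMAP, POP, SMTP and similar) is a dependency to resolve before enforcement.

```powershell
# Added example (not from the original post): (1) list recent sign-ins that used
# legacy authentication, grouped by protocol, user and application;
# (2) create a report-only Conditional Access policy that blocks legacy auth.
# Assumptions: $breakGlassObjectId is a placeholder; the 30-day window is an example.
Connect-MgGraph -Scopes "AuditLog.Read.All", "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

$breakGlassObjectId = "00000000-0000-0000-0000-000000000000"   # placeholder

# --- 1. Monitor: which principals still sign in with legacy protocols? ---
$modernClients = @("Browser", "Mobile Apps and Desktop clients")
$since = (Get-Date).AddDays(-30).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")

# Server-side date filter; client-side filter on client app type (everything not modern is legacy).
$legacySignIns = Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All |
    Where-Object { $_.ClientAppUsed -notin $modernClients }

$legacySignIns |
    Group-Object ClientAppUsed, UserPrincipalName, AppDisplayName |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# --- 2. Prepare: report-only policy blocking legacy client types ---
$policy = @{
    displayName = "CA-Block-Legacy-Auth"
    state       = "enabledForReportingButNotEnforced"   # report-only: logs what would be blocked
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlassObjectId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("exchangeActiveSync", "other")   # the legacy client app types
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Host "Created '$($created.DisplayName)' ($($created.Id)) in state $($created.State)"

# Enforce only once step 1 and the report-only sign-in results show no remaining dependencies:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }
```

Re-running step 1 after the policy has sat in report-only mode for a few weeks, and comparing against the "would block" results in the sign-in log, is what turns "verified no active legacy auth dependencies" from a one-off check into evidence.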
4. Infrastructure Cost Optimization
Optimized cloud resources by decommissioning unused Kubernetes clusters after migration to Azure Container managed services. This demonstrates how regular infrastructure audits can lead to significant cost savings while maintaining security.
These implementations follow Microsoft’s security best practices and create a more resilient identity management system.