#m365 #breakglass #maturitymodel | Graham G. | 35 comments

https://www.linkedin.com/posts/graham-gold_m365-breakglass-maturitymodel-activity-7317135482914557953-DNUb

> There’s been some debate this week about creating a breakglass application in your M365/Entra tenant. I raised some concerns and I know Merill Fernando has a poll running on it. I wanted to flip it around, lest someone suggest I’m just being negative - so here’s my initial thoughts on an #M365 #Breakglass #MaturityModel Let me know your thoughts! | 35 comments on LinkedIn


HOW TO MANAGE BREAK-GLASS ACCOUNTS IN MICROSOFT ENTRA ID

When you start tightening the requirements for access to your corporate cloud, it can be easy to accidentally lock yourself out and cut yourself off from access to the admin interface.

Alternatively, some part of Microsoft Entra ID may fail. For example, there have been a couple of times in the past where multi-factor authentication in Microsoft Entra ID has had a failure and you couldn’t authenticate.

That is why you need break-glass accounts.

📺 Watch my YouTube video below on how to manage break-glass accounts 👇 👇
https://youtu.be/Q2vicBapspg

#cswrld #breakglass #entraid #accountmanagement

📺 Watch the recording on Patreon (English)
https://www.patreon.com/posts/how-to-manage-in-106992112?utm_medium=clipboard_copy&utm_source=copyLink&utm_campaign=postshare_creator&utm_content=join_link

📺 Watch the recording on Forendors (Czech)
https://www.forendors.cz/p/c8ac8e06453db7209766462f5c0a7c6e

📺 Watch the recording on Herohero (Czech)
https://herohero.co/cswrld/post/bceroxowdykkdcifoajqbhvvwhswsg

👍Share, like, comment!

#video #tutorial #cswrld #breakglass #entraid

When women finally make it through the #GlassCeiling, women of color and women who are different in other ways are going to have another barrier to break through.
In case of emergency, #BreakGlass !

Merill #microsoft #azuread (@[email protected])

Folks, there is an update with additional details on the Microsoft will require MFA for all Azure users post. Here's a quick summary.

✅ Scope
→ Azure Portal
→ CLI
→ PowerShell
→ Terraform to administer Azure resources

👥 Impact on end users
The following will be impacted only if they are signing in to administer. Apps/sites hosted on Azure are not impacted.
→ Students
→ Guest users
→ other end-users

🚫 Exclusions
Token-based accounts used for automation are excluded, including
→ Service principals
→ Managed identities
→ Workload identities

📆 Timeline
Beginning July 2024, a gradual rollout of the portal will commence. Once completed a similar gradual rollout will start for
→ CLI
→ PowerShell
→ Terraform

📲 MFA Methods
All Entra ID MFA methods will be available.

⛔ Exceptions
There will be no opt-out. An exception process will be provided for cases where no workaround is available.

💌 Communication
Microsoft will send detailed information and timelines through official emails. This blog post was to raise awareness.

Read the full post and comments at https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-will-require-mfa-for-all-azure-users/ba-p/4140391

✅ Rolling out MFA to your users
If there is one takeaway that I can share, it is to start enrolling your Azure users for MFA if you haven't already. Here's a quick guide.

**Using MFA Registration Policy**
If you have E5 (Entra ID P2) it's as simple as configuring this MFA registration policy which will ensure your users have at least one form of MFA set up https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-configure-mfa-policy
If you don't have E5 see below on how you can report on users without MFA and send targeted comms.

**Conditional Access policy for MFA**
Alternatively if you have P1 you can create a conditional access policy requiring MFA. This will force users to register for MFA if they haven't set one up for their account.
NOTE: If you don't have a conditional access policy for MFA I strongly recommend you create one using the template at https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-azure-management

**Monitoring MFA Registration**
You can monitor who has registered for MFA using the authentication methods registration report. See learn.microsoft.com/entra/identity/authentication/howto-authentication-methods-activity
This can also be used by those who don't have P2 to monitor and send targeted comms to users that don't have MFA.
Here's a PowerShell script I've shared previously to quickly get a report of the MFA state of all your users. github.com/orgs/msgraph/discussions/41

**MFA email templates**
We also provide email templates that you can use to inform your users about MFA and why you are rolling it out. Download them from aka.ms/entratemplates

Found this useful? Please bookmark, like and repost to raise awareness.

**It's 2024. Let's get secure and keep the baddies out.**


Do you have break-glass accounts created in your environment? And properly configured? Do you know how to secure break-glass accounts?

Break-glass accounts are emergency access accounts that allow you to access your environment even when normal access does not work. For example during an outage of some service. Or when you lock yourself out due to a mistake in a conditional access policy for example. #cybersecurity #tips #breakglass #accounts #entraid #emergencyaccess https://www.cswrld.com/2023/12/how-to-manage-break-glass-accounts-in-microsoft-entra-id/

It seems I was able to use #EntraID Privileged Identity Management to #PIM up to Security Administrator using an account which had an ongoing session, and I could fix the #CAP so I can use the #BreakGlass account again now.

At least the #BreakGlass account detection is working, I got 10 emails....

It is a shame I can't investigate as I can't sign in.

#AzureAD #MFA is having a bad day right now, I can't sign in to #Microsoft #EntraID with my admin accounts.

And since I messed up the #ConditionalAccessPolicy exclusions my #BreakGlass account is useless too.
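
An added example, not part of any of the posts above and not their authors' code: a Python check that flags Conditional Access policies which still apply to a break-glass account, the exclusion mistake described in the posts above. The policy JSON is a constructed sample in the shape Microsoft Graph returns from `/identity/conditionalAccess/policies`; all IDs are placeholders, and each account's group and role memberships are assumed to be already resolved.

```python
import json

# Constructed sample, trimmed to the fields used here, in the shape Microsoft Graph
# returns from GET /identity/conditionalAccess/policies. All IDs are placeholders.
SAMPLE_POLICIES = json.loads("""[
  {"displayName": "Require MFA for all users", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["bg-user-1"],
                            "excludeGroups": []}}},
  {"displayName": "Require compliant device for admins", "state": "enabled",
   "conditions": {"users": {"includeRoles": ["role-global-admin"],
                            "excludeGroups": ["grp-break-glass"]}}},
  {"displayName": "Block legacy authentication", "state": "enabledForReportingButNotEnforced",
   "conditions": {"users": {"includeUsers": ["All"]}}},
  {"displayName": "Old pilot policy", "state": "disabled",
   "conditions": {"users": {"includeUsers": ["All"]}}}
]""")

# Hypothetical break-glass accounts: object ID -> groups and roles the account holds.
BREAK_GLASS = {
    "bg-user-1": {"groups": {"grp-break-glass"}, "roles": {"role-global-admin"}},
    "bg-user-2": {"groups": {"grp-break-glass"}, "roles": {"role-global-admin"}},
}

def in_scope(users, account_id, account):
    """Return True if the policy's user condition still applies to the account."""
    def hit(kind):  # kind is "include" or "exclude"
        return (account_id in users.get(kind + "Users", [])
                or account["groups"] & set(users.get(kind + "Groups", []))
                or account["roles"] & set(users.get(kind + "Roles", [])))
    included = "All" in users.get("includeUsers", []) or hit("include")
    # In Conditional Access an exclusion overrides any inclusion.
    return bool(included) and not hit("exclude")

def audit(policies, break_glass):
    """List (policy, account, state) for every non-disabled policy that catches an account."""
    findings = []
    for policy in policies:
        if policy.get("state") == "disabled":
            continue
        users = policy.get("conditions", {}).get("users", {})
        for account_id, account in sorted(break_glass.items()):
            if in_scope(users, account_id, account):
                findings.append((policy["displayName"], account_id, policy["state"]))
    return findings

if __name__ == "__main__":
    for name, account_id, state in audit(SAMPLE_POLICIES, BREAK_GLASS):
        print(f"{account_id} is NOT excluded from '{name}' ({state})")
```

Report-only policies are listed as well, since they start blocking the account the moment they are switched to enabled.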

Just putting this here for safe keeping… in case of Twitter collapse #breakglass