SOLUTIONS
Break-glass / Emergency Admin Access Accounts
To ensure system access during emergencies within the Microsoft Cloud ecosystem, we provide a specialized security solution.
The solution includes:
- Creation of two “Break-glass” accounts: These accounts are added to a dedicated Emergency Access user group, which is configured as an exception to standard security policies (such as Conditional Access).
- FIDO2 Security Keys: Setting up new physical security keys (USB, based on the latest FIDO2 standard) for each account to be used during emergency logins.
- Secure Documentation: A specialized document containing the username, key serial number, and unlock PIN. The physical key is stored in one secure location, while the document is stored separately (e.g., in a safe or a remote secondary location) to ensure redundancy.
- Operating Instructions
Use Case: Business Continuity for Tenant Administration
These accounts function as a “break-glass” or emergency key, ensuring system access when standard methods fail due to technical outages, Microsoft service disruptions, or MFA issues. Their primary purpose is to enable full system recovery in critical scenarios, such as the sudden departure of a global administrator, a change in IT service providers, or security misconfigurations that would otherwise result in a total lockout.
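The group exception only protects against lockout if every policy actually carries it. The following is an added example, not part of the original page or of the provider's tooling: it audits policy objects in the Microsoft Graph `conditionalAccessPolicy` shape and lists those that do not exclude the Emergency Access group. The group ID, policy names and sample data are constructed placeholders.

```python
# Added example: audit Conditional Access policies for the emergency-group exclusion.
# Policy dicts follow the Microsoft Graph conditionalAccessPolicy shape
# (state, conditions.users.excludeGroups). All IDs and names below are constructed.

EMERGENCY_GROUP_ID = "00000000-0000-0000-0000-00000000e911"  # placeholder object ID

# A report-only policy cannot lock anyone out yet, but will once it is enforced,
# so it is audited together with enabled policies.
ACTIVE_STATES = {"enabled", "enabledForReportingButNotEnforced"}


def policies_missing_exclusion(policies, group_id=EMERGENCY_GROUP_ID):
    """Return (displayName, state) for each non-disabled policy lacking the exclusion."""
    findings = []
    for policy in policies:
        state = policy.get("state", "")
        if state not in ACTIVE_STATES:
            continue
        # "conditions", "users" or "excludeGroups" may be absent or null in an export.
        users = (policy.get("conditions") or {}).get("users") or {}
        excluded = {g.lower() for g in users.get("excludeGroups") or []}
        if group_id.lower() not in excluded:
            findings.append((policy.get("displayName", "<unnamed>"), state))
    return findings


# Constructed sample, shaped like the "value" array of a policy export.
SAMPLE_POLICIES = [
    {"displayName": "Require MFA for admins", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"],
                              "excludeGroups": [EMERGENCY_GROUP_ID.upper()]}}},
    {"displayName": "Block legacy authentication", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeGroups": []}}},
    {"displayName": "Require compliant device",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]}}},
    {"displayName": "Old geo-block", "state": "disabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeGroups": []}}},
]

if __name__ == "__main__":
    for name, state in policies_missing_exclusion(SAMPLE_POLICIES):
        print(f"MISSING emergency-group exclusion: {name} ({state})")
```

Running the same check after every policy change catches a new policy that was created without the exception before it is needed in an emergency.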
Contact us today to schedule your implementation before it’s too late.
