M365 Break Glass Accounts – full guide

🔒 Secure Bits 💡

𝗕𝗿𝗲𝗮𝗸-𝗴𝗹𝗮𝘀𝘀 𝗮𝗰𝗰𝗼𝘂𝗻𝘁𝘀: 𝗳𝘂𝗹𝗹 𝗴𝘂𝗶𝗱𝗲 (𝗣𝗗𝗙)

In my last post I talked about the “worst day” scenario: CA misconfig → admins locked out. Most orgs think they’re covered… until they test it.

As promised, 𝗵𝗲𝗿𝗲’𝘀 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝗣𝗗𝗙 𝗴𝘂𝗶𝗱𝗲 that walks you through a practical break-glass setup:

▪️ Naming

▪️ Permissions

▪️ Role-Assignable Security Group

▪️ Custom Break-glass Administrator role (Optional)

▪️ Restricted Management Administrative Unit (RMAU)

▪️ Authentication Methods

▪️ Conditional Access Configuration

▪️ Monitoring & Alerting

▪️ Operational Procedures

𝘈𝘶𝘵𝘩𝘰𝘳: Martin Strnad

💬 When was the last time you tested your break-glass access?

📎 Download the PDF in this post and keep it somewhere your team can actually find when things go sideways.