A Microsoft Entra Emergency Account (Break Glass Account) is a highly privileged account for emergency access to Azure resources in critical situations when traditional access paths are not available. For example, this may be a service outage, so that multi-factor authentication cannot be performed via a mobile phone. The use of emergency accounts is strictly controlled, monitored and restricted.
Tag: Directory Page 1 of 2
Are you looking for information about Active Directory? In this archive you will find all our posts about Active Directory.
Microsoft offers with Azure AD B2B Direct Connect for shared channels in Microsoft Teams a feature that simplifies management for collaboration with external partners in teams.
Until the release of Azure AD B2B Direct Connect, an external partner was invited to the tenant as a guest and authorized in Microsoft Teams (Azure AD B2B Collaboration). The external partner then received an email with instructions for further steps.
When looking in to the own Azure Active Directory everyone notes: each external user gets a guest account in our own Azure Active Directory. Whether the guest account is still in use or not, it will always remain in Azure Active Directory until it is manually deleted.
Azure Active Directory Cloud Sync is a software that synchronizes objects from Active Directory to Azure Active Directory.
Azure AD Connect cloud synchronization orchestrates the provisioning of AD objects to Azure AD in Microsoft Online Services. Locally only a simple agent is needed.
The entire synchronization configuration is set up in the Azure Portal (https://portal.azure.com). Azure AD Cloud Sync supports high availability by installing the agent on multiple servers.
This tutorial describes how to install and configure Azure AD Cloud Sync.
Permissions for Microsoft 365 groups or applications can change constantly. This makes the effort of checking permissions time-consuming and inefficient.
With the Azure Active Directory feature “Access Review”, this task can be largely automated and inactive users and guests can be removed from the Microsoft 365 groups and applications with just a few clicks.
Users can use the same credentials for on-premises and cloud-based services with Seamless SSO. There is no need for recurring prompts to enter credentials between services. The necessary data are automatically synced between Active Directory and Azure Active Directory.
When configuring Seamless SSO, the computer account “AZUREADSSOACC” is created. For security reasons, the Kerberos encryption key for this account should be rolled over every 30 days.
This tutorial describes how to manually roll over the Kerberos decryption key every 30 days.