Session

Zero Trust Emergency Access: A Multi-Layered, Passwordless Solution

As you know, Microsoft recommends using break-glass accounts and excluding them from your security configuration. These break-glass accounts can be used in case of emergency, for example when there are issues with Microsoft Entra ID Conditional Access. In most cases these break-glass accounts are protected by complex passwords only, making them vulnerable to attack.

In this session, I will discuss and demonstrate a more secure alternative to using break-glass accounts as we know them today. This alternative uses a multi-layered authentication flow without the need for MFA.

I will show the solution's architecture, and how all components are connected and automated using Graph API. Next, I will demonstrate how to log in using a certificate, allowing you to modify the permissions needed to change your CA policies.

At the end of the session, we will have created a multi-layered passwordless emergency account using a Zero Trust philosophy.

Sander Rozemuller

Cloud Architect Center of Excellence @ Exite ICT - Microsoft MVP

Vroomshoop, The Netherlands
