What is best practice to secure admin script account in AAD?

wick111 1 Reputation point

Looking for best practice ideas to secure an elevated account used in scripts. MFA really isn't an option.

THX> Eric

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,903 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Lukas Beran 171 Reputation points

    Hi Wick.

    You should never store credentials in plain text directly in scripts/config files. You should always use Azure AD apps / Service Principals.

    0 comments No comments

  2. Vasil Michev 71,626 Reputation points MVP

    MFA is the best practice, period. You can bypass the MFA requirement by whitelisting the IP address or using an AAD Joined device, while at the same time making sure that all external attempts will fail.

    0 comments No comments

  3. Konrad 'Sagus' Sagala 81 Reputation points MVP

    You can also use Azure Key Vault as your password repository, if you don't want to use MFA.

    0 comments No comments