What is best practice to secure admin script account in AAD?

wick111 1 Reputation point

Looking for best practice ideas to secure an elevated account used in scripts. MFA really isn't an option.

THX> Eric

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,151 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Lukas Beran 176 Reputation points

    Hi Wick.

    You should never store credentials in plain text directly in scripts/config files. You should always use Azure AD apps / Service Principals.

    0 comments No comments

  2. Vasil Michev 98,206 Reputation points MVP

    MFA is the best practice, period. You can bypass the MFA requirement by whitelisting the IP address or using an AAD Joined device, while at the same time making sure that all external attempts will fail.

    0 comments No comments

  3. Konrad 'Sagus' Sagala 81 Reputation points MVP

    You can also use Azure Key Vault as your password repository, if you don't want to use MFA.

    0 comments No comments