Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Looking for best practice ideas to secure an elevated account used in scripts. MFA really isn't an option.
You should never store credentials in plain text directly in scripts/config files. You should always use Azure AD apps / Service Principals.
MFA is the best practice, period. You can bypass the MFA requirement by whitelisting the IP address or using an AAD Joined device, while at the same time making sure that all external attempts will fail.
You can also use Azure Key Vault as your password repository, if you don't want to use MFA.