What is best practice to secure admin script account in AAD?

wick111 1 Reputation point
2020-01-03T14:50:38.523+00:00

Looking for best practice ideas to secure an elevated account used in scripts. MFA really isn't an option.

THX> Eric

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,098 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Lukas Beran 176 Reputation points
    2020-01-03T18:17:23.25+00:00

    Hi Wick.

    You should never store credentials in plain text directly in scripts/config files. You should always use Azure AD apps / Service Principals.

    0 comments No comments

  2. Vasil Michev 92,596 Reputation points MVP
    2020-01-03T18:40:54.793+00:00

    MFA is the best practice, period. You can bypass the MFA requirement by whitelisting the IP address or using an AAD Joined device, while at the same time making sure that all external attempts will fail.

    0 comments No comments

  3. Konrad 'Sagus' Sagala 81 Reputation points MVP
    2020-01-05T09:32:51.217+00:00

    You can also use Azure Key Vault as your password repository, if you don't want to use MFA.

    0 comments No comments