What is best practice to secure admin script account in AAD?

wick111 1 Reputation point
2020-01-03T14:50:38.523+00:00

Looking for best practice ideas to secure an elevated account used in scripts. MFA really isn't an option.

THX> Eric

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,514 questions

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lukas Beran 171 Reputation points
    2020-01-03T18:17:23.25+00:00

    Hi Wick.

    You should never store credentials in plain text directly in scripts/config files. You should always use Azure AD apps / Service Principals.

  2. Vasil Michev 66,331 Reputation points MVP
    2020-01-03T18:40:54.793+00:00

    MFA is the best practice, period. You can bypass the MFA requirement by whitelisting the IP address or using an AAD Joined device, while at the same time making sure that all external attempts will fail.

  3. Konrad 'Sagus' Sagala 81 Reputation points MVP
    2020-01-05T09:32:51.217+00:00

    You can also use Azure Key Vault as your password repository, if you don't want to use MFA.