0 Votes
wick111 asked sagus answered

What is best practice to secure admin script account in AAD?

Looking for best practice ideas to secure an elevated account used in scripts. MFA really isn't an option.

THX, Eric

azure-active-directory

0 Votes
LukasBeran answered

Hi Wick.

You should never store credentials in plain text directly in scripts/config files. You should always use Azure AD apps / Service Principals.


0 Votes
michev answered

MFA is the best practice, period. You can bypass the MFA requirement by whitelisting the IP address or using an AAD Joined device, while at the same time making sure that all external attempts will fail.


0 Votes
sagus answered

You can also use Azure Key Vault as your password repository, if you don't want to use MFA.
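
Added example, not part of any answer in this thread: one way to combine the service principal and Key Vault suggestions above so that a script holds no plaintext credential. It assumes the Az.Accounts and Az.KeyVault modules, a service principal with a certificate in `Cert:\CurrentUser\My`, and read access to the secret; the function name `Get-ScriptCredential` and all bracketed values are placeholders.

```powershell
#Requires -Modules Az.Accounts, Az.KeyVault
# Added example: all identifiers below are placeholders (assumptions), not values from the thread.
$ErrorActionPreference = 'Stop'

function Get-ScriptCredential {
    param(
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [string] $AppId,
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $SecretName,
        [Parameter(Mandatory)] [string] $AccountUpn
    )

    # Fail closed if the certificate is missing, has no private key, or has expired.
    $cert = Get-ChildItem -Path "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction SilentlyContinue
    if (-not $cert -or -not $cert.HasPrivateKey -or $cert.NotAfter -le (Get-Date)) {
        throw "Certificate $Thumbprint is missing, has no private key, or has expired."
    }

    # Sign in as the service principal with the certificate (no password in the script).
    # -Scope Process keeps the sign-in context in this process only.
    Connect-AzAccount -ServicePrincipal -Tenant $TenantId -ApplicationId $AppId `
        -CertificateThumbprint $Thumbprint -Scope Process | Out-Null

    try {
        $secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName
        if (-not $secret) {
            throw "Secret '$SecretName' was not found in vault '$VaultName'."
        }
        # SecretValue is a SecureString, so the password is never written out as plain text.
        return [System.Management.Automation.PSCredential]::new($AccountUpn, $secret.SecretValue)
    }
    finally {
        # Drop the service principal context even if the lookup failed.
        Disconnect-AzAccount -Scope Process | Out-Null
    }
}

$credential = Get-ScriptCredential -TenantId '<tenant-id>' -AppId '<application-client-id>' `
    -Thumbprint '<certificate-thumbprint>' -VaultName '<vault-name>' `
    -SecretName '<secret-name>' -AccountUpn '<account-upn>'
```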
