User Account and User Access Right permissions

User Account and User Access Right permissions

To enhance your “break glass” procedure for Azure portal account administrators, consider leveraging Azure Lighthouse. This powerful tool allows you to manage multiple Azure tenants from a single location, streamlining administrative tasks and improving security. Here’s how you can incorporate it into your process:

  1. Azure Lighthouse Overview:

    • Azure Lighthouse enables service providers (like Managed Service Providers or internal IT teams) to manage resources across multiple Azure tenants.

    • It provides a centralized view, delegation capabilities, and streamlined access to client resources.

  2. Break Glass Scenario with Azure Lighthouse:

    • Emergency Access Accounts: Continue using the cloud-only emergency access accounts (as mentioned earlier) for critical scenarios.

    • Shared Access: Create a shared Azure Lighthouse account that has permissions across all relevant tenants.

    • Break Glass Procedure:

      • When a break glass situation arises (e.g., normal admin accounts are inaccessible), designated administrators can sign in to the shared Azure Lighthouse account.

      • From there, they can access and manage resources across all connected tenants.

      • This approach reduces the need to switch between different Azure portals and simplifies emergency access.

  3. Monitoring and Verification:

    • Azure Monitor and Azure Security Center can be configured to track activities related to the shared Lighthouse account.

    • Set up alerts for any unusual or unexpected actions performed by the break glass administrators.

Remember to document this process thoroughly and ensure that relevant personnel are trained on using Azure Lighthouse during emergencies. 🚨12

Did you find this article valuable?

Support Menno Drescher by becoming a sponsor. Any amount is appreciated!