question

0 Votes
wick111 asked

What is best practice to secure admin script account in AAD?

Looking for best practice ideas to secure an elevated account used in scripts. MFA really isn't an option.

THX, Eric

azure-active-directory

0 Votes
LukasBeran answered

Hi Wick.

You should never store credentials in plain text directly in scripts/config files. You should always use Azure AD apps / Service Principals.


0 Votes
michev answered

MFA is the best practice, period. You can bypass the MFA requirement by whitelisting the IP address or using an AAD Joined device, while at the same time making sure that all external attempts will fail.


0 Votes
sagus answered

You can also use Azure Key Vault as your password repository, if you don't want to use MFA.

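Two of the suggestions in this thread (a service principal instead of a stored password, and Key Vault as the secret store) combined in one script. This is an added example, not part of any answer above. The tenant ID, application ID, thumbprint, vault name, secret name and the `svc-legacy` user name are placeholders, and it assumes the Az.Accounts and Az.KeyVault modules are installed and the certificate's public key is registered on the app registration.

```powershell
#Requires -Modules Az.Accounts, Az.KeyVault
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Placeholders (assumptions): replace with your own values.
$TenantId   = '00000000-0000-0000-0000-000000000000'
$AppId      = '11111111-1111-1111-1111-111111111111'
$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>'
$VaultName  = 'example-vault'
$SecretName = 'example-legacy-password'

# The private key lives in the certificate store of the account running the job,
# so this file contains nothing secret.
$cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint"
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key in this store."
}
if ($cert.NotAfter -lt (Get-Date).AddDays(14)) {
    Write-Warning "Certificate expires $($cert.NotAfter); rotate it before the job fails."
}

# Keep the sign-in context in memory only, not in the on-disk Az profile.
Disable-AzContextAutosave -Scope Process | Out-Null

try {
    # Non-interactive sign-in as the service principal: no user password, no MFA prompt.
    Connect-AzAccount -ServicePrincipal -Tenant $TenantId -ApplicationId $AppId `
        -CertificateThumbprint $Thumbprint | Out-Null

    # If a downstream system still needs a password, fetch it at run time.
    # SecretValue is a SecureString, so the clear text is never written out here.
    $secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName
    if ($null -eq $secret) {
        throw "Secret '$SecretName' not found in vault '$VaultName'."
    }
    $cred = [pscredential]::new('svc-legacy', $secret.SecretValue)  # hypothetical user name

    # ... pass $cred to the cmdlet that needs it ...
}
finally {
    Disconnect-AzAccount -ErrorAction SilentlyContinue | Out-Null
}
```

Grant the app registration only the roles the script needs, and read access to that one secret rather than the whole vault.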