Break Glass access critical Incident alerting
E
Elliott Campbell
Have a Critical incident generated in the event the Emergency Break Glass/ Allocated User is accessed. per Microsoft recommendations
L
Luke Van Der Weiden
+1 for this, would mean one less security-related thing we have to manage outside of Huntress.
C
Cameron Granger
Merged in a post:
Emergency Access Account Usage Notifications
S
Steven Hodson
We have a number of clients who have Microsoft 365/Entra ID Break Glass user accounts also known as Emergency Access Accounts. These have been configured as per Microsoft Guidance here - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/security-emergency-access. Instead of having to use Azure Log Analytics, we would like to mark these accounts as highly privileged and ensure that any auditable activity, but in particular any login using these accounts creates an immediate alert/incident/ticket for investigation.
C
Chip Seelig
Shocked this isn't a thing already
C
Christian Moore
I want this feature so bad
C
Christian Davis
This would be a fantastic feature to have. BTW, the link in the post is broken. Here's the Microsoft documentation: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/security-emergency-access
Y
Yidel Steinfeld
S
Steven Hodson
This would be an awesome and really useful feature
B
Brent Shore
This would be a great feature to have.
S
Stephen Moody
This would be a killer feature for us too.