Break Glass Access in Microsoft Entra: Your Last Line of Defense

The alert came at 2:13 a.m., and the primary engineer was asleep. The second engineer wasn’t on call. The only way back into the system was the break glass account—and no one had used it in over a year.

Break glass access in Microsoft Entra isn’t just a checkbox in compliance. It’s your last line of defense when your entire identity layer is down, conditional access is misconfigured, or multi-factor authentication fails. Without it, recovery time stretches from minutes into hours. Hours are what turn a minor outage into an incident report and an executive escalation.

A proper break glass procedure starts long before the incident. You create a dedicated account in Microsoft Entra ID with the highest admin privileges. You make sure it’s excluded from all conditional access policies, MFA prompts, and automated lifecycle management. It lives outside the blast radius of your normal identity controls. You store its credentials offline in a sealed, auditable environment. You keep a strict review and update cycle—test it every quarter and log every test.

Too many teams keep their break glass plan as a Confluence page buried in an ops folder. That’s useless when the UI is unreachable or your admins are locked out. The plan must be explicit, offline, and accessible. Your people must know the exact trigger conditions: when to use it, who can approve it, and what to do immediately after. Once used, it should have a short, scripted life—enough to restore normal access, then disabled and rotated.

Microsoft’s own recommendations stress having at least two separate break glass accounts, each with strong and unique authentication, stored in different secured locations. They should be immune to automation changes. After each use, investigate root cause, re-validate your Entra access policies, and reset those credentials.

This is not a “set and forget” setup. Every change to your tenant’s policies can impact your emergency account if it’s not excluded correctly. Conditional Access updates, MFA enforcement, or baseline policy adjustments may silently strip you of the very access you’re relying on. Run simulations. Include break glass activation in your disaster recovery drills.
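One way to catch the silent exclusion drift described above is to audit the exported Conditional Access policy set on a schedule, alongside the quarterly manual test. The script below is an added example, not code from the original post or from hoop.dev. It assumes policy objects in the shape returned by the Microsoft Graph endpoint GET /identity/conditionalAccess/policies (the policy `state` plus `conditions.users.includeUsers`, `excludeUsers`, `includeGroups` and `excludeGroups`); the account IDs, the group ID and the four-policy export embedded in it are constructed samples, not values from any real tenant.

```python
"""Audit exported Conditional Access policies for break glass exclusions.

Added example, not part of the original post or of hoop.dev's tooling. Reads
policy objects shaped like the Microsoft Graph conditionalAccessPolicy resource
and reports every enforced policy whose user scope can still reach a break
glass account. All IDs and the sample policy set below are constructed.
"""
import json
import sys

# Constructed object IDs of the two break glass accounts (placeholders, not real tenant values).
BREAK_GLASS_IDS = frozenset({
    "aaaaaaaa-0000-0000-0000-000000000001",
    "aaaaaaaa-0000-0000-0000-000000000002",
})
# Constructed object ID of a dedicated group holding both accounts; excluding it also counts.
BREAK_GLASS_GROUP_ID = "bbbbbbbb-0000-0000-0000-000000000001"

# Constructed export: four policies, only p2 leaves the second account unprotected
# unless the break glass group is recognised as an exclusion.
SAMPLE_POLICIES = json.loads("""
[
  {"id": "p1", "displayName": "Require MFA for all users", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"], "includeGroups": [],
     "excludeUsers": ["aaaaaaaa-0000-0000-0000-000000000001",
                      "aaaaaaaa-0000-0000-0000-000000000002"],
     "excludeGroups": []}}},
  {"id": "p2", "displayName": "Block legacy authentication", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"], "includeGroups": [],
     "excludeUsers": ["aaaaaaaa-0000-0000-0000-000000000001"],
     "excludeGroups": ["bbbbbbbb-0000-0000-0000-000000000001"]}}},
  {"id": "p3", "displayName": "Require compliant device", "state": "enabledForReportingOnly",
   "conditions": {"users": {"includeUsers": ["All"], "includeGroups": [],
     "excludeUsers": [], "excludeGroups": []}}},
  {"id": "p4", "displayName": "Retired pilot", "state": "disabled",
   "conditions": {"users": {"includeUsers": ["All"], "includeGroups": [],
     "excludeUsers": [], "excludeGroups": []}}}
]
""")


def audit_break_glass_exclusions(policies, break_glass_ids, break_glass_group_ids=frozenset()):
    """Return {policy_id: [unprotected account ids]} for every enforced policy
    whose user scope can still reach a break glass account.

    A policy is in scope when it targets "All" users, names one of the accounts
    directly, or targets groups (membership cannot be resolved offline, so group
    targeting is treated conservatively as in scope). An account counts as
    protected when it is listed in excludeUsers or one of the known break glass
    groups is listed in excludeGroups.
    """
    findings = {}
    for policy in policies:
        # Report-only and disabled policies never block a sign-in.
        if policy.get("state") != "enabled":
            continue
        users = policy.get("conditions", {}).get("users", {})
        include_users = set(users.get("includeUsers", []))
        in_scope = (
            "All" in include_users
            or bool(include_users & set(break_glass_ids))
            or bool(users.get("includeGroups"))
        )
        if not in_scope:
            continue
        excluded_users = set(users.get("excludeUsers", []))
        excluded_groups = set(users.get("excludeGroups", []))
        covered_by_group = bool(excluded_groups & set(break_glass_group_ids))
        unprotected = sorted(
            account for account in break_glass_ids
            if account not in excluded_users and not covered_by_group
        )
        if unprotected:
            findings[policy["id"]] = unprotected
    return findings


def format_report(policies, findings):
    """Render findings as one line per policy, using displayName for readability."""
    names = {p["id"]: p.get("displayName", p["id"]) for p in policies}
    if not findings:
        return ["OK: every enforced policy excludes all break glass accounts"]
    return [
        f"FAIL: policy '{names[pid]}' ({pid}) does not exclude {', '.join(ids)}"
        for pid, ids in sorted(findings.items())
    ]


if __name__ == "__main__":
    # Pass the path of an exported JSON file (the "value" array from Graph) to
    # audit a real tenant; with no argument the constructed sample is audited.
    policies = SAMPLE_POLICIES
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            policies = json.load(fh)
    # Only pass a group ID if a dedicated break glass group really exists in the tenant.
    results = audit_break_glass_exclusions(policies, BREAK_GLASS_IDS)
    print("\n".join(format_report(policies, results)))
    sys.exit(1 if results else 0)
```

Run it against a fresh export after every Conditional Access change; a non-zero exit code makes it usable as a gate in the same pipeline that applies the policy changes. Note the deliberate conservatism: policies that target groups are flagged unless the break glass accounts are excluded, because group membership cannot be checked from the export alone, and a false alarm here is far cheaper than a locked-out emergency account.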

If you want to see how resilient, audited, and ready break glass access can be, you can do it live in minutes. Build it, test it, and prove it—without waiting for the next 2:13 a.m. call. See how at hoop.dev.