I designed this lab to simulate a secure break-glass (emergency access) account strategy for the situations in which normal administrative access fails: an identity lockout, a Conditional Access misconfiguration that blocks every administrator, or the loss of the people or systems that hold the admin roles. In real-world environments, organizations must maintain at least one access path that is exempt from policy enforcement while remaining observable and auditable; this mirrors what a CloudSec architect would implement as part of a Zero Trust incident response plan. My goal was to validate that break-glass accounts could be excluded from Conditional Access, monitored through Sentinel, and confirmed through audit queries.
The break-glass access flow applies Zero Trust principles through observability and role isolation rather than through policy gating, since the accounts exist precisely to work when policy enforcement is the problem. The infrastructure uses Microsoft Entra ID for identity provisioning and role assignment, Microsoft Sentinel for audit visibility and alerting on any use of the accounts, and the Log Analytics workspace behind Sentinel for long-term retention and KQL query support.
I worked through each step in order, capturing screenshots to validate account creation, role assignment, policy exclusion, and audit visibility.
Step 1: Provision Emergency Access Accounts
Provisioned two emergency access accounts:
Step 2: Assign Permanent Global Admin Role
Assigned both accounts to the Global Administrator role as a permanent (active) assignment rather than a PIM-eligible one, so that using them in an incident does not depend on PIM activation, approval workflows, or MFA prompts that may themselves be what is broken. Excluded both accounts from all Conditional Access policies to guarantee uninterrupted access. That exclusion is both the purpose of the accounts and their main risk: with no policy enforcement applying to them, credential strength and sign-in monitoring are the only remaining controls, which is why the accounts must never be used for routine administration and why every sign-in by them should raise an alert.
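Steps 1 and 2 scripted with the Microsoft Graph PowerShell SDK, as an added example that is not the lab's own procedure (the lab was done in the portal and documented with screenshots). The tenant domain and the two UPNs are placeholders, not the lab's identifiers; the script assumes PowerShell 7 with the Microsoft.Graph modules installed and an operator who can consent to the User.ReadWrite.All, RoleManagement.ReadWrite.Directory and Policy.ReadWrite.ConditionalAccess scopes. The role template ID for Global Administrator is the fixed value Microsoft publishes for every tenant.

```powershell
# Added example: provision two cloud-only break-glass accounts, give them a permanent
# (active, non-PIM) Global Administrator assignment, and exclude them from every
# Conditional Access policy. Placeholders below are not the lab's real identifiers.

$TenantDomain   = 'contoso.onmicrosoft.com'   # placeholder; use the initial .onmicrosoft.com domain, never a federated one
$BreakGlassUpns = @("bg-admin-01@$TenantDomain", "bg-admin-02@$TenantDomain")   # placeholders
$GlobalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'   # Global Administrator role template ID (same in every tenant)

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'RoleManagement.ReadWrite.Directory', 'Policy.ReadWrite.ConditionalAccess' -NoWelcome

function New-BreakGlassPassword {
    # 48 printable-ASCII characters drawn from the OS CSPRNG. The value is printed once so it can
    # be split and sealed offline; it is not written anywhere else by this script.
    $alphabet = [char[]](33..126)
    -join (1..48 | ForEach-Object {
        $alphabet[[System.Security.Cryptography.RandomNumberGenerator]::GetInt32($alphabet.Count)]
    })
}

function Get-IdList([object]$Value) {
    # Normalise a possibly-null list of IDs to an array; the leading comma stops
    # PowerShell from unrolling an empty array into $null on return.
    ,@($Value | Where-Object { $_ })
}

# Step 1: provision the accounts (idempotent: an existing account is reused, not recreated)
$accounts = foreach ($upn in $BreakGlassUpns) {
    $existing = Get-MgUser -Filter "userPrincipalName eq '$upn'"
    if ($existing) { $existing; continue }
    $password = New-BreakGlassPassword
    $alias = $upn.Split('@')[0]
    $user = New-MgUser -DisplayName $alias -UserPrincipalName $upn -MailNickname $alias `
        -AccountEnabled -PasswordPolicies 'DisablePasswordExpiration' `
        -PasswordProfile @{ Password = $password; ForceChangePasswordNextSignIn = $false }
    Write-Host "Created $upn. Record this password offline now, it will not be shown again: $password"
    $user
}

# Step 2a: permanent Global Administrator assignment. This is an active directory role
# assignment, not a PIM-eligible one, so it keeps working if PIM itself is unavailable.
foreach ($user in $accounts) {
    $filter = "principalId eq '$($user.Id)' and roleDefinitionId eq '$GlobalAdminTemplateId'"
    if (-not (Get-MgRoleManagementDirectoryRoleAssignment -Filter $filter)) {
        New-MgRoleManagementDirectoryRoleAssignment -RoleDefinitionId $GlobalAdminTemplateId `
            -PrincipalId $user.Id -DirectoryScopeId '/' | Out-Null
    }
}

# Step 2b: exclude both accounts from every Conditional Access policy, report-only ones included,
# so that a future policy change cannot lock them out.
$ids = @($accounts.Id)
foreach ($policy in Get-MgIdentityConditionalAccessPolicy -All) {
    $users   = $policy.Conditions.Users
    $missing = @($ids | Where-Object { $_ -notin (Get-IdList $users.ExcludeUsers) })
    if ($missing.Count -eq 0) { continue }
    # A PATCH on conditions.users replaces the whole users object, so the existing include and
    # exclude sets are carried across. Only the user/group/role lists are handled here; a policy
    # that also scopes guests or external users needs those fields added before running this.
    $body = @{
        conditions = @{
            users = @{
                includeUsers  = Get-IdList $users.IncludeUsers
                includeGroups = Get-IdList $users.IncludeGroups
                includeRoles  = Get-IdList $users.IncludeRoles
                excludeUsers  = (Get-IdList $users.ExcludeUsers) + $missing
                excludeGroups = Get-IdList $users.ExcludeGroups
                excludeRoles  = Get-IdList $users.ExcludeRoles
            }
        }
    }
    Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $policy.Id -BodyParameter $body
    Write-Host "Excluded break-glass accounts from policy '$($policy.DisplayName)'"
}

# Verification: the same facts the lab captured in screenshots, read back from the directory.
$policies = Get-MgIdentityConditionalAccessPolicy -All
foreach ($user in $accounts) {
    $filter = "principalId eq '$($user.Id)' and roleDefinitionId eq '$GlobalAdminTemplateId'"
    [pscustomobject]@{
        Upn                  = $user.UserPrincipalName
        GlobalAdmin          = [bool](Get-MgRoleManagementDirectoryRoleAssignment -Filter $filter)
        ExcludedFromPolicies = @($policies | Where-Object { $user.Id -in $_.Conditions.Users.ExcludeUsers }).Count
        TotalPolicies        = $policies.Count
    }
}
```

The verification table at the end is what to compare against the Sentinel side later: ExcludedFromPolicies should equal TotalPolicies for both accounts, and GlobalAdmin should be true for both. Rerunning the script is safe, since each step checks before it creates or updates anything; the one-time password output is the only part that must be handled carefully, because it is the sole credential protecting an account that no Conditional Access policy will challenge.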