[THEME] Breakglass
The Breakglass theme ensures that your organization has a properly configured emergency admin account for use when normal administrative access is unavailable.
What does Attic do?
Attic verifies the existence and security of a breakglass (emergency) account and monitors its usage. If no breakglass account exists, Attic can create one for you.
The checks in this theme cover:
- An emergency admin account exists in the tenant
- The breakglass account password has been changed since creation (to ensure the MSP has a unique password)
- The breakglass account password has not been reset unexpectedly
Why is this important?
A breakglass account is your last line of defense when all other admin access fails. If MFA is disrupted, Conditional Access locks out all administrators, or a security incident requires immediate response, the breakglass account provides a way back in. Without one, you could be permanently locked out of your own tenant during a critical incident.
Any client using ATTIC MDR will have monitoring enabled on any sign ins using the emergency admin account.
Checks in this theme
| ID | Check |
|---|---|
| CHK-1135 | Emergency Access Account |
| CHK-1052 | Emergency Access Account Password |
| CHK-1053 | Initiation emergency account |