
  • Break glass global admin accounts

  • avrohomdu

    Member
    March 24, 2026 at 10:38 am

    Category: SC-300 – Plan and Automate Identity Governance

    You manage a Microsoft 365 tenant integrated with Microsoft Entra ID. The Entra tenant uses Microsoft Entra ID Protection to detect and remediate risky sign-ins across the organization.

    You configure synchronization between the Microsoft Entra tenant and an on-premises Active Directory domain to ensure uniform account management for all users.

    You intend to provision an emergency-access administrative account named TD-Recovery. The account will be granted the Global Administrator role within the Microsoft Entra tenant.

    You need to reduce the possibility of TD-Recovery being unable to sign in during situations where the Microsoft Entra tenant is disrupted and the on-premises Active Directory domain is unreachable.

    Which action should be taken to meet this requirement?


  • None of the answers are correct. Using Azure Monitor to set up alerts does nothing to prevent the account from being inaccessible when AD is unreachable.

    The best possible answer is to create a cloud-only account, not synced from AD.

    The next best answer is to set up a different MFA method so that if the MFA method of other accounts goes down, this one is still working.
    These 2 answers really go together.

    The only other on-prem answer would be to do password hash sync, so that it’s not dependent on AD being up.

  • Lois-TutorialsDojo

    Administrator
    March 25, 2026 at 11:04 am

    Hello avrohomdu,

    Thank you for taking the time to share your feedback with us. We truly appreciate your insight and fully agree with your preferred solution.

    After reviewing the scenario and the provided options, we recognize that the solutions offered in the question, including Option 1 (monitoring via Azure Monitor alerts) and the other options, do not adequately address the issue of ensuring TD-Recovery remains accessible during disruptions. These options fail to ensure that the account can still authenticate if the on-premises Active Directory is unreachable, which is the core concern of the question.

    We fully agree with your suggested solution of creating a cloud-only account for TD-Recovery, along with configuring backup MFA methods. This approach would indeed ensure the account’s availability during disruptions, regardless of the state of the on-premises infrastructure.

    As a result, we’ve flagged this question for review and will update it in our next content cycle to better reflect the correct solution and ensure that it aligns with both real-world best practices and exam expectations.

    Thanks again for the insightful feedback! This will help us improve the quality of our materials. Feel free to reach out if you have any follow-up questions.

    Regards,

    Lois @ Tutorials Dojo
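
The two properties both posts above agree on (a cloud-only account, and an MFA method the other accounts do not depend on) can be checked against exported directory data. This is an added example, not part of the original thread; it assumes records shaped like Microsoft Graph `user` and authentication-method objects, and the sample data, UPNs and finding labels are constructed.

```python
# Added example (not from the thread). Sample records are constructed; field
# names follow Microsoft Graph user and authentication-method resources.
PASSWORD = "#microsoft.graph.passwordAuthenticationMethod"
AUTHENTICATOR = "#microsoft.graph.microsoftAuthenticatorAuthenticationMethod"
FIDO2 = "#microsoft.graph.fido2AuthenticationMethod"


def mfa_types(methods):
    """Return the non-password authentication method types in a methods list."""
    return {m["@odata.type"] for m in methods} - {PASSWORD}


def audit_break_glass(user, methods, other_admin_methods):
    """Return findings for an emergency-access account; empty list means pass."""
    findings = []
    # Cloud-only check: a directory-synced account has onPremisesSyncEnabled
    # set to true and carries an on-premises immutable ID.
    if user.get("onPremisesSyncEnabled") or user.get("onPremisesImmutableId"):
        findings.append("synced-from-on-prem-AD")
    own = mfa_types(methods)
    others = set().union(*(mfa_types(m) for m in other_admin_methods.values()))
    if not own:
        findings.append("no-mfa-method-registered")
    elif own <= others:
        # Every MFA type here is one the other admins also rely on, so an
        # outage of that method would lock this account out with them.
        findings.append("mfa-shared-with-other-admins")
    return findings


# Constructed sample data.
OTHER_ADMINS = {
    "admin1@contoso.example": [{"@odata.type": PASSWORD}, {"@odata.type": AUTHENTICATOR}],
}
SYNCED_USER = {
    "userPrincipalName": "TD-Recovery@contoso.example",
    "onPremisesSyncEnabled": True,
    "onPremisesImmutableId": "CONSTRUCTED-ID",
}
CLOUD_USER = {
    "userPrincipalName": "TD-Recovery@contoso.example",
    "onPremisesSyncEnabled": None,
    "onPremisesImmutableId": None,
}

if __name__ == "__main__":
    print(audit_break_glass(SYNCED_USER, OTHER_ADMINS["admin1@contoso.example"], OTHER_ADMINS))
    print(audit_break_glass(CLOUD_USER, [{"@odata.type": FIDO2}], OTHER_ADMINS))
```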
