MT.1005 - All Conditional Access policies are configured to exclude at least one emergency/break glass account or group.
Overview
It is recommended to exclude at least one emergency/break glass account or account group from all Conditional Access policies. This preserves emergency access to the tenant in case of a misconfiguration or other issues.
See Manage emergency access accounts in Microsoft Entra ID - Microsoft Learn
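The check described above can be sketched as follows. This is an added example, not Maester's implementation of `Test-MtCaEmergencyAccessExists`: the helper name `Find-CommonCaExclusion`, the policy objects and the ids are constructed, and it assumes the requirement means that the same user or group id appears in the exclusions of every policy, without resolving group membership.

```powershell
# Added example: not Maester's implementation. Input objects are constructed and
# shaped like Microsoft Graph conditionalAccessPolicy resources.
function Find-CommonCaExclusion {   # hypothetical helper name
    param([Parameter(Mandatory)][object[]]$Policies)

    $common      = $null   # exclusions shared by every policy seen so far
    $unprotected = @()     # policies that exclude nobody at all
    foreach ($policy in $Policies) {
        $users = $policy.conditions.users
        # Prefix each id so a user id and a group id are never confused.
        $ids = @(
            @($users.excludeUsers)  | Where-Object { $_ } | ForEach-Object { "user:$_" }
            @($users.excludeGroups) | Where-Object { $_ } | ForEach-Object { "group:$_" }
        )
        if ($ids.Count -eq 0) { $unprotected += $policy.displayName }
        # Intersect this policy's exclusions with the running set.
        if ($null -eq $common) { $common = $ids }
        else { $common = @($common | Where-Object { $ids -contains $_ }) }
    }
    if ($null -eq $common) { $common = @() }   # no policies were supplied

    [pscustomobject]@{
        Passed                    = $common.Count -gt 0
        CommonExclusions          = $common
        PoliciesWithoutExclusions = $unprotected
    }
}

# Constructed sample data: every policy excludes something, but no single
# account or group is excluded from all three.
$bgUser  = '00000000-0000-0000-0000-00000000000a'   # constructed id
$bgGroup = '00000000-0000-0000-0000-00000000000b'   # constructed id
$policies = @(
    @{ displayName = 'Require MFA for all users'
       conditions  = @{ users = @{ excludeUsers = @($bgUser); excludeGroups = @($bgGroup) } } }
    @{ displayName = 'Block legacy authentication'
       conditions  = @{ users = @{ excludeUsers = @(); excludeGroups = @($bgGroup) } } }
    @{ displayName = 'Require compliant device'
       conditions  = @{ users = @{ excludeUsers = @($bgUser); excludeGroups = @() } } }
)
Find-CommonCaExclusion -Policies $policies | Format-List
```

The sample set is built to show the case where each policy has an exclusion yet the intersection is empty, so the emergency user and the emergency group each remain subject to one policy.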
Test Metadata
| Field | Value |
|---|---|
| Test ID | MT.1005 |
| Severity | High |
| Suite | Maester |
| Category | CA |
| PowerShell test | Test-MtCaEmergencyAccessExists |
| Tags | CA, Maester, MT.1005 |
Source
- Pester test: tests/Maester/Entra/Test-ConditionalAccessBaseline.Tests.ps1
- PowerShell source: powershell/public/maester/entra/Test-MtCaEmergencyAccessExists.ps1