
Configure a Microsoft Entra ID Emergency Access Account with Phishing-Resistant Authentication

· 8 min read

To avoid losing administrative access to the Entra portal because of something like a misconfigured Conditional Access policy (CAP), it's important to set up an emergency access (break glass) account with the Global Administrator role assigned to it. In this guide, we'll walk through the process of creating an emergency access account, configuring phishing-resistant authentication for it, and setting up monitoring so you receive alerts whenever the account is used.

Configure Azure PowerShell

· 2 min read

Using the Azure Portal to create and manage resources is convenient for one-off tasks and for learning about the services Azure offers; for ongoing management, however, a scripting language such as PowerShell is more practical, since it supports one-liner syntax, piping of outputs between commands, and repeatable scripts.

Configure Active Directory using PowerShell

· One min read

# Create a working directory for the lab files
New-Item -Path "c:\" -Name "PowerLab" -ItemType "directory"

# Store the Directory Services Restore Mode (DSRM) password as a SecureString on disk.
# Export-Clixml protects it with DPAPI, so only the same user on the same machine can import it.
'P@$$w0rd12' | ConvertTo-SecureString -Force -AsPlainText | Export-Clixml -Path C:\PowerLab\SafeModeAdministratorPassword.xml

# Read the protected password back as a SecureString for use with Install-ADDSForest
$safeModePw = Import-Clixml -Path C:\PowerLab\SafeModeAdministratorPassword.xml

# Install the AD DS role (this also provides the ADDSDeployment module used below)
Install-WindowsFeature -Name AD-Domain-Services

# Parameters for promoting this server to the first domain controller of a new forest
$forestParams = @{
    DomainName                    = 'techuplab.local'
    DomainMode                    = 'WinThreshold'   # Windows Server 2016 or later functional level
    ForestMode                    = 'WinThreshold'
    Confirm                       = $false
    SafeModeAdministratorPassword = $safeModePw
    WarningAction                 = 'Ignore'
}

# Create the forest; the server reboots automatically when promotion completes
$null = Install-ADDSForest @forestParams

Azure Managed Identities

· 3 min read

Managed identities let Azure resources authenticate to other Azure resources without hardcoded credentials, removing the need to enter or store credentials on a VM (or another resource such as an Azure Function) that accesses the resources the managed identity has been granted access to. There are two types of managed identities: system assigned and user assigned. A system-assigned identity is tied to one specific resource (for example, a single VM) and is deleted along with it. A user-assigned identity is created as a standalone Managed Identity resource and can be assigned to multiple resources, such as several VMs, at once.