maester icon indicating copy to clipboard operation
maester copied to clipboard
verified publisher icon maester365

MT.1036 - Includes break glass accounts

Open biggles007 opened this issue 10 months ago • 2 comments

I'm not sure if this is expected behaviour, but MT.1036 is failing against the break glass account(s). Can you please confirm whether or not it should be failing? It may be beneficial to directly refer to break glass accounts in the documentation of this test for clarification.

https://maester.dev/docs/tests/MT.1036/

If break glass accounts should be caught by this, shouldn't there be separate test to ensure the right kind of protection is against the break glass accounts? Technically something the opposite of what MT.1005 is doing?

biggles007 avatar Feb 28 '25 15:02 biggles007

As an update to this, I created a fallback policy for my break glass accounts, to enforce phishing resistant MFA which would hopefully remediate against this, but not MT.1005 fails as my break glass accounts aren't excluded.

biggles007 avatar Mar 02 '25 09:03 biggles007

Good question. I would do the same as you.

evolstuer avatar Apr 29 '25 12:04 evolstuer

A resolution for this will be provided in #1224.

SamErde avatar Oct 27 '25 10:10 SamErde