Tag Archives: Identity Summit

Cloud Identity Summit 2022 Recap

After 8 months of planning, the Cloud Identity Summit 2022 is over, and I can say that, from my perspective, it was really a pleasure to help organize this great community event. Four years ago Thomas Naunheim came up with the idea to create an event focused on identity for the community. We discussed this in our Azure Bonn Orga Team and finally the Cloud Identity Summit was born. At the end of 2019 we planned the first edition for 2020 as an in-person event, but things changed and we switched the format to a virtual event, and did the same for 2021.

Back in February we started planning the 3rd edition for 2022 and decided to go back to our original idea of holding it as an in-person event, but with the experience of two virtual events we made it a hybrid event. Yesterday was our 1st Cloud Identity Summit 2022 as a hybrid edition and I can say I was really excited about it. Why?

CIS 2022 – Conference view

Firstly, it was an absolute pleasure to meet so many identity experts from around the globe in person at our local event, to get to know them, to exchange ideas with them and to learn many new things. And how often do you have the opportunity to have dinner and a conference with Nestori Syynimaa, Stefan van der Wiele, Sander Berkouwer, David O'Brien, Christopher Brumm, Sergey Chubarov, Fabian Bader, Eric Berg, Raymond Comvalius and the other identity experts?

CIS 2022 – Speaker Dinner

Second, the shift to a hybrid event and the ability to bring the speakers together with the community was amazing. There was a lot of discussion about different solutions. The workshops offered by Nestori and Stefan were well attended and there was a lot of feedback on Microsoft documentation and the like. These workshops were only available to our in-person attendees to allow a real exchange between speakers and participants.

CIS 2022 – Workshop by Stefan van der Wiele
CIS 2022 – Workshop by Nestori Syynimaa

Third, the afternoon was well prepared, which means every speaker delivered a great session and gave our attendees the opportunity to get in touch with them at any time. We streamed the sessions, giving everyone the opportunity to participate. Unfortunately, the feedback was, as so often, very low. We deliberately refrained from recording the sessions.

CIS 2022 – Azure AD Auth session by Jan Vidar Elven

We hope we achieved our goal of bringing the speakers and the community together in an in-person event and giving the whole community the opportunity to attend virtually. A main topic for this conference was the roundtable, where attendees could ask the identity experts about solutions, features and services.

A big thank you to the speakers who traveled all the way to the event, took the work upon themselves to get in touch with the participants on site and share their knowledge.

Also, a big thank you to our sponsors adesso SE, Yubico and Glueckkanja-gab who supported us in getting this event off the ground and were always available with confidence.

CIS 2022 – The Azure Bonn / Cloud Identity Summit Orga Team Gregor, Melanie, Thomas and René
CIS 2022 – Selfie Time

Finally, a big thank you to my Azure Bonn team, Melanie Eibl, René de la Motte and Thomas Naunheim, without whom this event would never have been possible.

Our wish: please do not forget to give us your feedback – this is very important for us to improve the event and your experience. And follow our Cloud Identity Summit and Azure Bonn Twitter accounts to get updates and the latest announcements.

IdentitySummit 2020 is over – Thank you

Our 1st IdentitySummit is over and we had an amazing Summit with our powerful speakers and our attendees.

We (Azure Bonn Orga Team) started planning the Summit in March 2020. The Orga Team from the AzureBonn Meetup consists of Melanie Eibl, Thomas Naunheim and René de la Motte. The idea came from Thomas (our Identity Expert) and we can say that was a wonderful idea.

We met at the Debeka Innovation Center (DICE) in Koblenz to organize and stream all the sessions from one central place. The current Corona situation has unfortunately not made a complete live event possible, so we met under the rules in force to ensure a smooth process and bring a little live feeling.

Now, after 6 sessions in 2 parallel tracks, we can say it was worth every minute of planning – why?

The answer is simple: First of all because of our great speakers. Each session was planned with a minimum of 300, and each session went deep into the relevant topics, showing what needs to be considered, the pitfalls and best practices available.


Howto Setup and Monitor the Break Glass Account in your Tenant

19/01/2022 – Update 1

I've updated the article because the actual sign-in query only logs all login attempts of the break glass account (successful, unsuccessful, etc.). I added the different IDs so that you can set up the alert mail based on an individual filter. Thanks go out to Eric Soldierer for this note. I also updated some changed services that had left their preview status.


In the past I did a lot of Azure Governance workshops, and one interesting topic is how to handle the Break Glass Account. Before we go deeper, let's first look at what the Break Glass Account is. For each Administrator role in Azure or Office365 it is best practice to use MFA to secure the account and improve the security of the Tenant. To achieve this, we normally use Conditional Access and create a rule that requires MFA for every Admin login. But what can we do when:

  • the MFA service is down
  • we create a Conditional Access rule with a wrong rule set and lose sign-in access
  • we do not regularly update our control list and the admin account gets lost

For these cases we need a Break Glass account, an additional account with a high-security password, to enter the Tenant in an emergency. For this account, there are some recommendations:

  • only use a generic account
  • create a complex password with more than 16 characters
  • up to 256 characters possible – the limit of 16 characters is removed
  • for compliance reasons divide the password into two parts
  • save each part in a different location
  • create a security group that contains the break glass accounts
  • create two break glass accounts with no standard username like breakglass@ or emergency
  • use the Tenant name for the account
  • do not use a custom domain name
  • in future it will be possible to use a FIDO2 security key for break glass (right now it is in preview and not recommended for such a critical scenario)

Now we can, in some ways, call this a security gap – a service account with Global Admin rights that does not require MFA for login. Now you see why it is so important to monitor these accounts and get notified when they are used for login.
