Emergency mode

In the highly unfortunate situation where a Global Admin account for the Entra ID tenant has been compromised, it is possible to disable sign-in with Microsoft credentials to prevent the perpetrator from accessing the customer's Entra ID and/or Microsoft 365 backup environments and possibly causing further damage. Note that the perpetrator can never delete any data from backup though!

Even when sign-in with Microsoft has been disabled, you can still access the backup environment by using your alternate user credentials.

1. Activate Emergency mode

To activate the emergency mode, the service provider / reseller needs to sign in to the Nexetic Portal, search for the compromised customer and click the Emergency mode slide switch to enable it for the selected customer.

emergency-mode.png

Note

If you are an end-customer, please contact your service provider for emergency mode activation. If you have ordered the service directly from Nexetic, please contact Nexetic Support.


2. Sign in with Microsoft is now disabled

If the perpetrator - or any other user - tries to sign in to the customer's backup environment by using Microsoft credentials, the sign-in will now fail with the following error:

emergency-mode-error.png

3. Use your alternate user credentials to sign in to the backup portal

Users can still access the customer's backup environment by using their alternate user credentials. Go to the backup portal sign-in page and select Sign in with alternate email. Enter your alternative username and password.

emergency-sign-in-with-alternate.png


4. Recover data from Entra ID backup

In the most severe situations you may have lost data from your Entra ID environment. Learn how to resume your Entra ID environment in no time by using the Disaster Recovery feature.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section