I'm trying to set up a "break-glass" global administrator account within the Azure portal for use in a high-level emergency.
I have an account created, but when I try to log in to test it, I see this screen:
Pressing Cancel doesn't skip the step; it just reloads the password page followed by this same screen.
The problem is that I don't want this account to be tied to a particular phone or email address due to the very nature of it. While I can easily set up an email distribution list to deal with the second issue, there is no phone number to use here as the company doesn't have a sole phone for this purpose.
Reading Microsoft's documentation, there appears to be some contradiction, as the document states that the account should be excluded from the usual sign-in policies, but the workarounds (e.g. custom controls) cannot actually be used for self-service password reset.
Can anyone recommend a better approach please?
