Today I was looking for a Best practice or a recommendation how to use the Option alternate Email Address which is available on Accounts with administrative permissions. You can find this information when you go to myapps.microsoft.com and click on profile:
When I asked around a little bit, a common answer I became was: “I just use my private Email Address for this purpose”. Yeah, quite simple, but do you think that is a good idea?
I would rather use an Email Account only created for this purpose, because using a private Mail Account, could have a an impact to your security.
When an attacker has get your mobile, he can easily pass the second verification step, the first is gaining access to your private mailbox, by answering the call from Azure/Microsoft.
What do you think could be a better solution for this questioning?
Feel free to share your opinion in the comments, or write me on twitter.
One thought on “Azure AD – Alternate Email Address”
I ran into the same reflection as you : I use a personal email address I rarely access, not linked to any device and so used only for those kind of purpose. So no email incoming (nor spam)
Regarding security of mobile devices : it’s a concern when you allow user self service password reset
Hopefully you can select which options fit you, I choose : password via SMS and security questions carefully selected.