Azure AD – Alternate Email Address

Today I was looking for a Best practice or a recommendation how to use the Option alternate Email Address which is available on Accounts with administrative permissions. You can find this information when you go to and click on profile:
Azure AD Alternate Email Address

When I asked around a little bit, a common answer I became was: “I just use my private Email Address for this purpose”. Yeah, quite simple, but do you think that is a good idea?
I don’t.
I would rather use an Email Account only created for this purpose, because using a private Mail Account, could have a an impact to your security.
When an attacker has get your mobile, he can easily pass the second verification step, the first is gaining access to your private mailbox, by answering the call from Azure/Microsoft.

What do you think could be a better solution for this questioning?
Feel free to share your opinion in the comments, or write me on twitter.

One thought on “Azure AD – Alternate Email Address

  1. Hello,
    I ran into the same reflection as you : I use a personal email address I rarely access, not linked to any device and so used only for those kind of purpose. So no email incoming (nor spam)
    Regarding security of mobile devices : it’s a concern when you allow user self service password reset
    Hopefully you can select which options fit you, I choose : password via SMS and security questions carefully selected.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.