Each user or application that has access to production data does so using a unique and individual identity managed by Azure AD.
Access to administrative operations and production infrastructure is only granted to a select few engineers through Azure's Privileged Identity Management service. There are time restrictions and approval processes enabled. The engineers must connect through a Virtual Private Network (VPN) with Multi-Factor Authentication (MFA) using strong passwords.
All machine users have separate application identities that can either be configured by MSI or ID and secret.
We will contact you to obtain explicit consent in the event our engineers require administrative access (for example, to resolve an issue you may be facing) that may reveal any of your organization's data.