u/Traditional-Ad634

All uses in the domain utilize MFA. I have one local account (admin) on each laptop that does not have MFA. I use this as a break glass account. The control did not pass during the mock assessment. Can you use break glass accounts with an associated risk acceptance letter?