Forum Discussion
Solved
Enable MFA and Ensure all users registered for MFA actions include shared mailboxes in Secure Secure
I am using Secure Score and attempting to complete actions in order to secure my Office 365 environment. It is not possible to require Multi-Factor Authentication for Office 365 Shared Mailboxes ...
- Of course - if the tool excluded objects that don't need MFA though, it would be possible to check that no accounts which *should* have MFA are missing. Given Microsoft seem to be putting this forward as a compliance tool, it shouldn't be responsible for false positives if at all possible!
I should add - I believe Resource (Room and Equipment) Mailboxes are also counted, and these need to be excluded as well (since they do not support any form of logon, let alone multi-factor).
They do actually have user accounts, but there is no risk involved in not having those protected by MFA. Remember, the secure score is only suggesting some generic best practices/recommendation, Microsoft cannot possibly account for all the different controls and configurations tenants have, so always read the score and the actual recommendation in the context of your own requirements.
I do agree though, shared/resource mailboxes and any similar object types should be excluded by default.
- Of course - if the tool excluded objects that don't need MFA though, it would be possible to check that no accounts which *should* have MFA are missing. Given Microsoft seem to be putting this forward as a compliance tool, it shouldn't be responsible for false positives if at all possible!