Mar 16 2017 02:10 PM
We have recently started looking at the security state of our O365 tenant with the Secure Score tool (https://securescore.office.com). One of the suggestions to raise the score is to enable MFA for all Global Admin accounts. However, the Azure AD sync tool has a user/service account that requires the Global Admin role to be assigned to it (as noted in the first referenced link below). Additionally, other Office365 admin roles are not permitted the directory sync access (as noted in the second link below).
Seeing as how the sync is an automated process, there is no way that I know of to build approving a login with MFA.
I have been unable to locate any articles around the Azure AD sync tool, nor a way to add an exception to the Secure Score portal for this user account. Has anyone come across a solution for either adding MFA to a service account or creating an exception for a service account to the Secure Score?
Mar 16 2017 03:37 PM
Mar 16 2017 03:44 PM
Mar 17 2017 05:44 AM
Thanks for the clarification on that. We are using the AAD Connect tool thankfully. I've removed the GA role from the account in question.