Nov 12 2018 08:17 AM - edited Nov 12 2018 08:18 AM
I am using Secure Score and attempting to complete actions in order to secure my Office 365 environment.
It is not possible to require Multi-Factor Authentication for Office 365 Shared Mailboxes as I believe they do not have a username & password, but my Shared Accounts are included in the total reported by the 'Enable MFA for users' and 'Ensure all users are registered for multi-factor authentication' actions in Secure Score.
Please could you confirm that not having Multi-Factor Authentication enabled on *shared* mailboxes is not risky, and remove them from the Secure Score rules totals?
Nov 12 2018 08:23 AM
Nov 12 2018 10:28 AM
They do actually have user accounts, but there is no risk involved in not having those protected by MFA. Remember, the secure score is only suggesting some generic best practices/recommendation, Microsoft cannot possibly account for all the different controls and configurations tenants have, so always read the score and the actual recommendation in the context of your own requirements.
I do agree though, shared/resource mailboxes and any similar object types should be excluded by default.
Nov 14 2018 05:54 AM
SolutionNov 02 2020 03:37 AM
@Chris Hill Hello Chris,
Am stuck at a simillar cross road. I want to enable MFA for shared mailbox. Did you get you way out with a solution.
Look forward for your reply.
Thanks
Munesh
Nov 14 2018 05:54 AM
Solution