Some customers are concerned that the requirement of matching email addresses between the Office365 global administrator and the CloudSOC sysadmin breaks the segregation of duties - This can potentially allow the Office 365 administrators to access the CloudSOC environment with the sysadmin privilege or the other way around.
This article discusses the strategy to keep the access separate to each team so the Office administrator cannot access CloudSOC or vice versa.
There 2 approaches to activate the Office 365 Securlets without sharing the credentials:
Using existing GA may be easier for some organizations than requesting a new GA in Office365 environment. The benefit of creating a new O365 GA is that the account is only used for this activation, so there is minimal concern over the risk of loess the identity as it can be deactivated after the activation.