CloudSOC customers would like to remove Global Administrator permissions from the Microsoft 365 account used to activate the Office 365 Securlet, but aren't sure if removing the permissions will impact the integration.
Component: Office 365 Securlet
Once the CloudSOC System Administrator has successfully activated the Office 365 Securlet, they can notify their Microsoft 365 Administrator that Global Administrator permissions are no longer required to be active on the user account that was used for the Securlet activation.
The integration between CloudSOC and Microsoft 365 requires Global Administrator permissions only for the initial activation and can be removed after activation. The OAUTH2 token retains the necessary permissions for the life of the integration to perform actions on behalf of the organization.
Note: Post activation, CloudSOC uses an OAUTH2 token with app-based permissions to maintain the relationship with Microsoft's Management APIs.