You want to remove Global Administrator or the Privileged Role Administrator from the Microsoft 365 account used to activate the Office 365 Securlet but aren't sure if removing the permissions will impact the integration.

Release: 3.170

Component: Office 365 Securlet

Once the CloudSOC System Administrator has successfully activated the Office 365 Securlet, they can notify their Microsoft 365 Administrator that Global Administrator or the Privileged Role Admin/SharePoint Embedded Admin permissions are no longer required to be active on the user account that was used for the Securlet activation.

The integration between CloudSOC and Microsoft 365 requires those permissions only for the initial activation and can be removed after activation. Post activation, CloudSOC uses the OAUTH2 token with app-based permissions for the life of the integration to perform actions on behalf of the organization. Therefore, you can safely disable or delete the Microsoft Admin Account after the activation. If you need to make any changes to the Securlet or reactivate it, you can add the required permissions back to the service account, or use a different administrator account with the required the permissions to complete the Securlet reactivation.