A Service Account is an Office 365 account used to access messages from Exchange Online Quarantine. To perform this function, the account must be assigned the Security Admin role. No separate Office 365 license is required to run this account.
The Service Account must belong to the same Office 365 organization to which Kaspersky Security for Microsoft Office 365 is connected.
If you already have a user account with the necessary roles, you can specify its credentials to access messages from Exchange Online Quarantine.
If you do not have a user account that meets these requirements, you need to create a new one.
You can specify a Service Account only after you configure the connection of the Kaspersky Security for Microsoft Office 365 workspace to your Exchange Online.
There are two methods of specifying a Service Account in Kaspersky Security for Microsoft Office 365:
You need an Office 365 Global Administrator user account (hereinafter referred to as Global Administrator).
If your Global Administrator uses multi-factor authentication, you must turn it off before creating a Service Account. You can turn it back on later. Global Administrator credentials are only required for authorizing the creation of an account with the necessary permissions. The application no longer depends on the Global Administrator account and does not store its credentials for future use.
You can create and configure a special account in Office 365 or use an existing user account with the necessary role.
Multi-factor authentication is not supported while accessing messages from Exchange Online Quarantine. If your account uses multi-factor authentication, consider using another account.
Use this method if your company security policy prohibits the use of Global Administrator account credentials in external applications.
Due to a configuration change made by your administrator, or because you moved to a new location, you may receive an error message saying that your Service Account uses multi-factor authentication, though it did not before. In this case, check the conditional access locations in Azure Active Directory, disable multi-factor authentication manually, or consider using another account.Page top