Configuring an Office 365 account for a Service Account

If you need to manage a Service Account, but your company security policy prohibits the use of Global Administrator account credentials in external applications, you must configure an Office 365 account manually.

Multi-factor authentication is not supported while accessing messages from Exchange Online Quarantine. If your account uses multi-factor authentication, consider using another account.

Create an Office 365 user account with the Security Admin role. This role is required for accessing messages from Exchange Online Quarantine. You can also use an existing Office 365 user account. At that, you must assign the Security Admin role to this user account manually.

Creating a Security Admin user account

The exact steps required to create an account vary depending on whether you have only Exchange Online or a hybrid deployment.

To create an account if you have only Exchange Online:

  1. Open the Microsoft Office 365 Admin Center.
  2. Sign in to the same Office 365 organization to which Kaspersky Security for Microsoft Office 365 is connected.
  3. In the left part of the window, expand the Users drop-down menu and click the Active users button.

    The Active users operation pane will be displayed on the right side of the window.

  4. In the operation pane, click the Add a user button.

    The Set up the basics window will open.

  5. Specify the new user account information in the following entry fields: First name, Last name, Display name, User name, and Domains.
  6. Choose whether to create a password automatically, or enter your custom password.
  7. Click Next.

    The Assign product licenses window will open.

  8. Select your location in the drop-down list.
  9. Select the Create user without product license option.
  10. Click Next.

    The Optional settings window will open.

  11. Select the Admin center access option.
  12. Expand the Show all by category drop-down list.
  13. In the Security & Compliance section of the list, select the Security admin option.
  14. Click Next.

    The Review and finish window will open.

  15. Click the Finish adding button.

Office 365 will create a new user account. You can review the specified details and close the window.

To create a user account in case of a hybrid deployment:

  1. Create a user account in the on-premises Active Directory.
  2. Synchronize the changes between the on-premises Active Directory and Azure Active Directory.

Assigning the Security Admin role to an existing user account

If you use an existing user account, you must assign the Security Admin role to this user account manually.

To assign the Security Admin role to a user account:

  1. Open the Microsoft Office 365 Admin Center.
  2. Sign in to the same Office 365 organization to which Kaspersky Security for Microsoft Office 365 is connected.
  3. In the left part of the window, expand the Users drop-down menu and click the Active users button.

    The Active users operation pane will be displayed on the right side of the window.

  4. In the operation pane, click the name of the user account in the list of active users.

    The user account information will open in a separate pane in the left part of the window.

  5. In the Account tab of the pane, click Manage roles in the Roles section.

    The Manage admin roles pane will be displayed.

  6. Select the Admin center access option.
  7. Expand the Show all by category drop-down list.
  8. In the Security & Compliance section of the list, select the Security admin option.
  9. Click the Save changes button.

The Security Admin role will be assigned to the selected user account. You can review the specified details and close the pane.

After the Service Account has been configured, specify its credentials to access messages from Exchange Online Quarantine.

Page top