How can partners connect to the Exchange Online admin interface using the secure application model?
Hello,
How can partners connect to the Exchange Online admin interface using the secure application model? Is this a supported scenario?
Admin interfaces that do not support the secure application model or delegated admin access require a tenant admin account. This account does not have MFA enabled when a CSP delegated admin is accessing the interface, so the support for MFA doesn't matter but is there to show maturity. We have the account "Blocked sign-in" when it is not in use for security.
As we grow our security practices for O365, the ability to check and update the configuration of Exchange Online, Teams, Security and Compliance Center, Azure Active Directory and Intune is essential.
Here's a list of all the interfaces and some notes on what types of connections they support. Please let me know if any of this information is inaccurate!
Admin Interfaces:
- PartnerCenter
  SecureAppModel: Yes (Source)
  DelegatedAdmin: Yes
  MultiFactorAuth: Yes
- AzureAD
  SecureAppModel: Yes (Source)
  DelegatedAdmin: Yes
  MultiFactorAuth: Yes
  p.s. Access to Conditional Access policies (UserVoice) are in the pipeline!
- MSOL
  SecureAppModel: Yes (Source)
  DelegatedAdmin: Yes
  MultiFactorAuth: Yes
- Exchange Online (EXOnline)
  SecureAppModel: No
  DelegatedAdmin: Yes (When connecting)
  MultiFactorAuth: Yes (MFA module does not support delegated admin access)
- Teams
  SecureAppModel: No
  DelegatedAdmin: No
  MultiFactorAuth: Yes
- Sharepoint
  SecureAppModel: No
  DelegatedAdmin: No
  MultiFactorAuth: Yes
- Skype (if this still exists, it won't be for much longer)
  SecureAppModel: No
  DelegatedAdmin: No
  MultiFactorAuth: Yes
- Security & Compliance Center
  SecureAppModel: No
  DelegatedAdmin: No
  MultiFactorAuth: Yes? (I think Connect-IPPSSession counts)
- Intune
  SecureAppModel: Yes (Graph API)
  DelegatedAdmin: Yes
  MultiFactorAuth: Yes
According to the office hours session on 7/9 at 8PM ET, the Exchange Online PowerShell module that supports MFA has a known issue where it does not support delegated admin access. They are working closely with the Exchange team to resolve this issue with a long-term solution.
I would hope that would include support for the secure application model.
