To ensure CoreView to function properly while ensure maximum security for your tenant and CoreView, its needed to disable MFA for service accounts and use conditional access to prevent issues.
Preface
Follow this guide if:
- You are preparing your environment for onboarding.
- You have received a notification stating that the data import was unsuccessful. This can occur if your service accounts were enabled for Multi-Factor Authentication (MFA).
Our Customer Care Team will closely monitor the progress of your enrollment and proactively reach out to you in case of any issues. Additionally, it's important to note that our Customer Care is promptly notified of any issues that may arise during the process.
Overview
Disabling MFA
While CoreView requires service accounts to have MFA disabled in order to work properly, it is also true that disabling MFA for service accounts in M365 can lead to security risks. For example, accounts may be impersonated and used outside of CoreView's data center, leading to unauthorized access.
Use conditional access
Therefore, it's crucial to use Conditional Access to grant access only inside the chosen data center to mitigate such risk. This ensures that CoreView accounts cannot be used outside of the data center and remain secure. By blocking access outside of the chosen data center (i.e., a list of allowed IPs), it's also possible to prevent accounts from being impersonated and used outside of CoreView's data center.
Here are the listed steps for running CoreView properly while ensuring security:
- Disable MFA for CoreView service accounts
- Set Conditional Access to grant access only inside the CoreView data center