Global Admin role for xink connect should be removed
Would it be possible to reduce the role for the XinkConnect user in O365 from Global Admin to something safer. This user is not MFA enabled and should therefore not be Global Admin.
Please find a way to ensure either OAuth or MFA and reduces role for the XinkConnect user.
Thanks for reaching to us.
When you say XinkConnect, are you referring to our Office 365 server-side rerouting? If so, it is not possible to run Create/Remove/Validate commands without having a Global Admin or Exchange admin permissions as this requires access to transport rules and connectors. However, this permission is only required when you perform the said actions. This means you can reduce the access of whatever admin user account you used while you do not require any changes to the setup. But every time you make some changes with the integration, the role has to be set back.
Does this answer your question?