Reducing the Assigned Microsoft Application Role
Avanan uses the Privileged Authentication Administrator role to block accounts that are detected as compromised. This role allows to block every compromised account, even if it is a Global Administrator. For more information, see Remediating Compromised Accounts.
After successfully Activating Office 365 Mail, administrators can reduce the Privileged Authentication Administrator role to any of the roles described in this Microsoft article.
Once you do that, Avanan will only be able to block compromised accounts that the selected role can reset their password (see this Microsoft article).
-
When reducing the application role, make sure to apply the lesser role first (see this Microsoft article) and then remove the more privileged role (see this Microsoft article).
-
If you have connected Avanan to Office 365 Mail prior to December 09, 2024, your application might be assigned with the Global Administrator role. You can manually reduce this role to Exchange Administrator, Privileged Authentication Administrator or a lesser role.
Instructions to reduce the assigned Microsoft application roles:
- Add the new roles to the Avanan application.
- Wait 30 minutes to allow the new roles to populate properly.
- Remove the old roles from the Avanan application.