On August 2, 2019, Microsoft implemented a mandatory Multi-Factor Authentication (MFA) policy for all partners re-selling Office 365/Microsoft 365 licenses to end users. The policy requires all administrator accounts in the Cloud Solution Provider (CSP) tenant to have Multi-Factor Authentication.
For the Exchange Online and SharePoint Online Delegate Accounts created using the automatic provisioning process, they also need to meet this partner security requirement, while at the same time maintaining their capability of being used to protect the Office 365 services.
To enable Multi-Factor Authentication on new or existing Cloud App Security Service Accounts:
- Log in to the Office 365 Admin Center.
- Select the Users > Active Users tab.
- Select “Cloud App Security Service Account for SharePoint” from the Active Users list.
- Click Manage Contact Information to update the service account with a mobile phone number for authentication purposes.
- Reset the password using the "Let Me Create the Password" option.
- Click Manage Multi-Factor Authentication for the User account.
This will redirect to the multi-factor authentication page.
- Select the User account and click enable multi-factor auth.
- Log in to My Account using the service account name and the new password created in Step 5, and complete the multi-factor login using the code sent to the mobile phone number added in Step 4.
- Once the login has been verified in My Account, navigate to Security & Privacy > Additional security verification > Create and manage App Passwords.
- Click Create and name the new password "Cloud App Security".
The name of the app password and the password will be shown on screen.
- Copy the password by clicking copy password to clipboard.
- Log in to Cloud App Security and navigate to Administration > Service Account.
- On the SharePoint service account, select "Change Password" then paste the new app password and save it.