We have recently been implementing the MS Security Score recommendations for a few clients, and one of the recommendations is that all O365/Azure accounts that have admin level roles should have MFA enabled.
Some of these roles include the Exchange Admin role and the Sharepoint Admin role (as well as eg Global admin etc), both of which are currently assigned to the user account that we have configured for Veeam O365 to do its backups. Lets call it Veeam365@domain.com
This is the only account with Admin roles that is there that I cannot think of a way to utilise MFA for in order to mark off this Security Score as completed and done.
Any ideas? Obviously can't use eg a phone number or Authenticator app or something, as the backups run on schedule at eg 2am.
I mean one easy solution is just mark that Security Score entry as 'risk accepted', but I am just curious if there is some method to utilise MFA for this account?
I am guessing that the account for the O365 backups does definitely need those two Admin roles in order to backup Exchange and Sharepoint data successfully, and given the state of hacks these days, it does seem like a bit of a hole in the security if the V365 account has those admin permissions but cannot be reasonably secured any further than just a username and password.
Thoughts?
Thank you
