secmon@ user vs CSPs compliance
Since August 1rst, 2019, CSPs need to have all Global Admin users to be MFA enabled, but the Office Protect secmon@ user needs to not be MFA to work. Which brings CSPs partner to not be able to use the Office Protect service.
We are working with Microsoft on alternate ways to access features in Microsoft 365. This will take a while because Microsoft is not making all features available through modern authentication means. Stay tuned.