As announced earlier this summer, we phased the Office Protect Monitoring User (secmon). We will now connect to your tenant using the Office Protect Monitoring application you can find in your Azure Active Directory. This authentication method is much more reliable and secure, as it is much less likely that an application is deleted by accident.
Summary of our changes:
- Dependencies to Secmon were removed, which means we are no longer using the user to perform action on your organization with PowerShell
- We deployed the Office Protect Application to all the organizations using Office Protect with the required permissions to perform our operations (see our article on the subject)
- "Enable Security Default" setting was deployed to replace "Enable Multi-Factor Authentication".
- We retired the Enable Multi-Factor Authentication setting
- New organizations onboarded in Office Protect no longer have a Global Administrator created within their organization
- "Monitoring User is Active" Health Status has been be removed for all organizations
What do I need to do?
If you purchased Microsoft 365 with Sherweb, we will automatically remove our Monitoring User without any intervention required on your part. If you did not purchase Microsoft 365 with Sherweb, it is now safe to delete the user.
Microsoft's Documentation on how to delete a user