You can’t use MFA for CiraSync, but you can mitigate your risk using the steps shown below.
Requiring MFA for all Global Administrators is a good idea. Although weak admin passwords are not that common, it is possible for an admin to reuse a password across several different accounts.
For example, if a hacker knows someone’s Yahoo password, there is a chance that they can guess a related username for Office 365. It happens all the time and it can be devastating to you and your company.
CiraSync Enterprise Edition is an Azure application. It does not need or use passwords to operate. Instead, a Global Administrator grants consent and CiraSync receives an access token. The access token is used by a daemon service. It is not possible to interact directly with this type of service, so there is no sign-in prompt where MFA could be applied.
To mitigate the lack of MFA, I recommend these simple steps:
We recommend that a Service Administrator has minimal permissions. Go back into the user, click “Customized Administrator” and choose “Service Administrator”.
In the event that you need to reset the service account password, you will need to temporarily add back the Global Admin role and log in one time to the dashboard.