Enable the management session

  • Last update on July 11th, 2024

Follow these instructions if the management session has not been enabled in your tenant. For further information refer to the CoreView Management Session documentation.

 

The management session must be active when performing Playbook remediation actions, management actions, custom actions, and workflows.

 

To initialize the CoreView management session, there are two configuration methods available. It is advised to create a management service account, as this option increases security by eliminating the need to distribute Global Admin credentials to delegated operators. The other method involves using Microsoft Global Admin credentials; however, it necessitates disabling MFA, which might not be suitable for every scenario. This article will guide you through both procedures to activate the CoreView management session.

Creating a management service account is the preferred method for enabling a management session in CoreView. Follow these steps to create a management service account for the first time:

Step 1: Select the “Use management service account” option.

  • Navigate to the “Management OFF” tab at the top of the screen.
  • Choose the “Use management service account” option.
  • Click the blue “Create service account” button to begin the process. You'll see a loading screen, and the process may take a few minutes.

Step 2a: Turn on the management session

  • After the process finishes, your management service account will be shown as created.
  • Ensure that the MFA for the service account is disabled or a conditional access policy is in place. This step is essential for the process to succeed.
  • Once confirmed, click the green “Turn on management session” button.

Step 2b: Troubleshooting service account creation

If the message “CoreView doesn't have permission to create a service account on your tenant” appears, click the “Retry service account creation” blue button below to attempt again. Should the issue persist, contact the CoreView Support team for assistance.

Step 3: Auto-enable management session

Turn on the “Auto-enable management session” toggle to allow the management session to activate automatically whenever operators perform management actions, regardless of their current management status.

You are now set to carry out management actions, custom actions, and workflows. To deactivate the management session, click the red “Turn off management session” button. 

Be aware that selecting “Disable advance management” will delete your management service account.

 

Option 2: Use Microsoft Global Admin credentials with MFA disabled

To activate the management session for the first time with a Microsoft Global Admin account and MFA disabled, follow these steps:

  1. Enter the credentials of a Global Admin without Multi-Factor Authentication (MFA) enabled.
  2. Select the green “Turn on management session” button. 

Enabling the management session can require some time, normally a few minutes. Once it is enabled, the header will show the “Management ON” message. Clicking on that, operators can view further details and turn it off.