In order to make the setup process as easy as possible, we've automated a lot of the steps and powershell. In order to run these powershell scripts on your Office 365 Tenant, we need your admin credentials.
We have a number of requirements for these credentials:
1) MUST NOT use "federated" sign in.
2) MUST NOT use Multi-Factor Authentication.
3) We required GLOBAL ADMIN rights in order to complete the first step which creates a domain in your Office 365 Tenant. There is no other user level that can create domains. Microsoft documentation for this is available here.
1) You use a ".onmicrosoft.com" account for this purpose.
2) Once the first steps have been followed and you've been notified of completion, Global Admin rights can be revoked and "Teams Admin" rights can be granted.
3) You follow your standard password renewal processes and update the credentials in our Teams Portal when you change the password.
How we store your credentials securely:
1) We store every unique credential encrypted at rest with it's own AES 256 key. Passwords are stored within an encrypted database on top of being encrypted themselves.
2) VIA Staff cannot access the keys and therefore cannot access the credentials.
3) Credentials are encrypted in transit.