Why are Microsoft 365 Global Admin rights required to set up Secure Email Threat Defense?

Cisco does not physically accept your Microsoft 365 credentials, nor do we cache or store the Global Admin's credentials. Secure Email Threat Defense redirects you to Microsoft's Azure application registration process so it can issue an authentication token for Microsoft's APIs. Only a Global Admin can authorize this token.

For more information, refer to the Microsoft documentation for a discussion of admin rights for applications: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent/.