@mzator
if you would like to replace the global admin account with reduced permission
then each O365 app has its own requirement
- Sharepoint online app minimum required would be sharepoint administrator
- Teams app requires teams administrator
- Exchange app requires exchange amdministrator
- Onedrive for business app requires onedrive administrator
Global admin account is mainly leverage for creation of appid and verfication of same inital configuraiton
few of the O365 apps uses azure appid only for discovery and backup purpose too
some reference in documentation (sharing for one app)
https://documentation.commvault.com/v11/essential/134726_give_azure_service_account_access_to_sharepoint_online_sites_in_basic_authentication_environment.html
The Office 365 with SharePoint (SharePoint Online) administrator account must have the following service accounts configured:
A SharePoint Online service account, which must meet the following requirements:
Must have either the SharePoint administrator role or the global administrator role assigned so that the SharePoint administrator or the global administrator can discover and back up the sites. For more information, see Assign admin roles in Office 365 in the Microsoft documentation.
Hi thank you for the response. Does there need to be a unique account for each role or can we assign all these rights to the one account ? Are the accounts in question specific to an O365 application (e.g. exchange online, onedrive, teams)?
@mzator No you could use one account for all apps. If its global admin it should have all required rights.
The desire is to replace Global Administrator now that the configuration is complete and data protection operations are running.
With sunjay’s response in mind, can a sole account that is not (has lower capability) Global Administrator be used for exchange online, onedrive and teams (can 1 account of elevated capability be used for all 3 ) ?
“For the account security do we need to have a unique account for each role or can we assign all these rights to the one account?”
I need to know what the required rights are. How do I determine that ?