Hello Team. I have CV data protection configured for Exchange Online, OneDrive and Teams. It’s been running successfully for some time. The customer wants azure ‘global administrator’ account to be substituted in the CV configuration for a different account (with less capabilities). CV documentation states that after the initial configuration ‘global administrator’ can be substituted but it does not specify with what account (and type) it can be substituted with.
Thanks!
if you would like to replace the global admin account with reduced permission
then each O365 app has its own requirement
Global admin account is mainly leverage for creation of appid and verfication of same inital configuraiton
few of the O365 apps uses azure appid only for discovery and backup purpose too
some reference in documentation (sharing for one app)
https://documentation.commvault.com/v11/essential/134726_give_azure_service_account_access_to_sharepoint_online_sites_in_basic_authentication_environment.html
The Office 365 with SharePoint (SharePoint Online) administrator account must have the following service accounts configured:
A SharePoint Online service account, which must meet the following requirements:
Must have either the SharePoint administrator role or the global administrator role assigned so that the SharePoint administrator or the global administrator can discover and back up the sites. For more information, see Assign admin roles in Office 365 in the Microsoft documentation.
Hi thank you for the response. Does there need to be a unique account for each role or can we assign all these rights to the one account ? Are the accounts in question specific to an O365 application (e.g. exchange online, onedrive, teams)?
The desire is to replace Global Administrator now that the configuration is complete and data protection operations are running.
With sunjay’s response in mind, can a sole account that is not (has lower capability) Global Administrator be used for exchange online, onedrive and teams (can 1 account of elevated capability be used for all 3 ) ?
“For the account security do we need to have a unique account for each role or can we assign all these rights to the one account?”
I need to know what the required rights are. How do I determine that ?
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
