Give the Azure Service Account Access to the SharePoint Online Sites, in a Basic Authentication Environment


Give the Azure service accounts access to the SharePoint Online sites, in a basic authentication environment.

Before You Begin

The Office 365 with SharePoint (SharePoint Online) administrator account must have the following service accounts configured:

  • A SharePoint Online service account, which must meet the following requirements:

    • Must have either the SharePoint administrator role or the global administrator role assigned so that the SharePoint administrator or the global administrator can discover and back up the sites. For more information, see Assign admin roles in Office 365 in the Microsoft documentation.

    • Multi-factor authentication must be disabled for the service account.

    • Must be created in Microsoft Azure AD only.

    • If you use more than 1 access node, the service account must have local log on rights.

    • For the SharePoint Online service account, a license is not required.

  • A local system account (Windows user), which is required when more than one access node is used, must meet the following requirements:

    • Must be a member of the local administrator group.

    • Must be a domain user.


  1. Log on to the Azure portal using your global administrator account.

  2. Go to Azure Active Directory.

    Create a user, disable multi-factor authentication for the user.

  3. Assign the user to the SharePoint administrator role.

For more information about creating a user, see Add or delete users using Azure Active Directory in the Microsoft documentation.