Give the Azure Service Account Access to the SharePoint Online Sites, in a Modern Authentication Environment


Give the Azure service account access to the SharePoint Online sites, in a modern authentication environment.

Before You Begin

For Commvault user license computation purposes, the SharePoint Online service account must meet the following requirements:

  • The service account must be created in Azure.

  • Multi-factor authentication must be disabled for the service account.

  • In the Azure portal, the Security defaults tenant-level option must be disabled.

  • The account must be either of the following:

    • A SharePoint administrator account

    • An Office 365 user account that has PowerShell access rights

  • A local system account (Windows user), which is required when more than one access node is used, must meet the following requirements:

    • Must be a member of the local administrator group.

    • Must be a domain user.


  1. Log on to the Azure portal using your global administrator account.

  2. Go to Azure Active Directory.

    Create a user, disable multi-factor authentication for the user.

  3. Assign the user to the SharePoint administrator role.

For more information about creating a user, see Add or delete users using Azure Active Directory in the Microsoft documentation.