Create a new Microsoft Office 365 service account

Contributors netapp-rlithman netapp-aherbin Download PDF of this page

When you create your new Microsoft Office 365 account, this account must have global administration permissions with a valid and assigned Microsoft Office 365 license.

This is not the only service account used to manage SaaS Backup for Microsoft Office 365. The following image points out the different service account types with descriptions below.

Service account descriptions

service account types

red number 1 The account used to sign up for SaaS Backup; it requires global administration permissions with a valid Microsoft Office 365 license during signup. It can be used for backup and restore operations.
red number 2 A zzzCCconfigacct is automatically created as a service account to discover Office 365 Groups.
red number 3 An additional service account can be added to enhance performance of backup and restore operations.

Create a new MS Office 365 service account with global administrator permissions

During signup, create an account with global permissions and a valid Microsoft Office 365 license. You can remove the global administration permissions and the license from this account after you complete signup.

Steps
  1. Log in to your Microsoft 365 Management portal using an account with administrative privileges.

  2. Click Users.

    Screenshot of users icon

  3. Select Active users, and then click Add a user.

    Screenshot of Microsoft 365 Admin Center

  4. Enter the details of the new service account.

    • First name

    • Last name

    • Display name

    • User name
      The user name is the name of the service account.

  5. Expand Roles, select Global administrator as the role, and then click Add.

    Screenshot of available administrator roles in Microsoft 365
    The service account details are sent to the administrator.

  6. Log in to your Microsoft 365 Management Portal with the new account to activate it.

  7. After signup, ensure this service account maintains three permissions:

    • Exchange Administrator

    • SharePoint Administrator

    • Application Impersonation Role

      This is especially important if you restrict the individual licenses for the Global administrator role.

ZZZ Config account

As part of your SaaS Backup subscription, a new account is created with ZZZ CC Config [GUID].

This auto-created account is used for discovering Shared/Archive mailboxes and private groups. It should have Exchange and SharePoint permissions (customized administrator in O365). It is recommended that you exclude this account from MFA policies.

To avoid any discovery or backup failures, leave the account as is.

Create additional service accounts

Service Accounts can be added in SaaS Backup for Microsoft Office 365 to improve the backup performance for a customer. A service account is a Microsoft Office 365 user account without a license; it is used for backup and restore operations.

This type of account requires 3 permissions:

  • Exchange administrator

  • SharePoint administrator

  • Application impersonation role

To add an additional service account, the service account must already exist in your Microsoft Office 365 environment. If you do not have an existing account, then create one.

To optimize performance, it is recommended that you have 1 service account added per 1000 users in Office 365.
Steps
  1. Log in to SaaS Backup for Microsoft Office 365.

  2. Click settings gear icon.

  3. Click Service Settings.

    click service settings

  4. To add a service account, click plus icon under Manage service accounts.

    click plus icon to add service account

    A confirmation message pops up.

    add new service account popup confirmation message

  5. Click Confirm.

  6. On the Microsoft Office 365 sign-in page, provide the credentials of the above mentioned service account to add it to SaaS Backup.