Create a Microsoft 365 service account

Steps to create a Microsoft 365 service account

  1. Log in to the Microsoft 365 admin center as a Global Administrator.
  2. Click on Admin.
  3. Navigate to Users → Active users in the left pane.
  4. Choose Add a user.
  5. Enter the Display name and Username. (First name and Last name are optional)
  6. Choose the Let me create the password option and provide a password of your choice.
  7. Click on Next.
  8. A service account does not require a license, so select your usage location and choose the Create user without product license radio button.
  9. Click on Next.
  10. Under the Roles option, select the Admin center access and choose the required roles. (Exchange Admin is mandatory)
  11. Click on Next.
  12. Choose Finish adding.

Minimum scope

The roles and permissions (minimum scope) required for a service account configured in M365 Manager Plus are listed below.

| Module | Role Name | Scope |
|---|---|---|
| Management | User Administrator | Manage users, contacts and groups. |
| Management | Privileged Authentication Administrator | Reset password, block or unblock administrators. |
| Management | Privileged Role Admin | Manage role assignments in Azure Active Directory. |
| Management | Exchange Administrator | Update mailbox properties |
| Management | Teams Service Admin | Manage Microsoft Teams |
| Reporting | Global Reader | Get reports on all Microsoft 365 services |
| Reporting | Security Reader | Security Reader |
| Auditing and Alerting | Security Reader | Get audit logs and sign-in reports |
| Monitoring | - | - |
| Content Search | - | - |

Note:

  • If Application is not configured, the Service Admin role is required for the Monitoring feature.
  • The Application needs to be configured to use the Content Search feature.

The roles and permissions (minimum scope) required for an application configured in M365 Manager Plus are listed below.

| Module | API Name | Permission | Scope |
|---|---|---|---|
| Management | Microsoft Graph | User.ReadWrite.All | User creation, modification, deletion and restoration. |
| Management | Microsoft Graph | Group.ReadWrite.All | Group creation, modification, deletion and restoration; adding or removing members and owners. |
| Reporting | Microsoft Graph | User.Read.All | Users and group members report. |
| Reporting | Microsoft Graph | Group.Read.All | Group reports. |
| Reporting | Microsoft Graph | Contacts.Read | Contact reports. |
| Reporting | Microsoft Graph | Files.Read.All | OneDrive for Business reports. |
| Reporting | Microsoft Graph | Reports.Read.All | Usage reports. |
| Reporting | Microsoft Graph | Organization.Read.All | License details reports. |
| Reporting | Microsoft Graph | AuditLog.Read.All | Audit log-based reports |
| Reporting | Azure Active Directory Graph | Domain.Read.All | Domain-based reports. |
| Auditing and Alerting | Microsoft Graph | AuditLog.Read.All | Audit reports and alerts. |
| Monitoring | Office 365 Management APIs | ServiceHealth.Read | Health and performance reports. |
| Content Search | Microsoft Graph | Mail.Read | Content search reports. |
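To check a configured application against the minimum scope listed above, the following added example (not part of the product or its documentation) compares the permissions carried in an app-only access token with the table for the modules you actually use. It assumes the permissions are granted as application permissions, which Microsoft identity platform tokens list in the `roles` claim; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Minimum application permissions per module and API, transcribed from the table above.
MIN_SCOPE = {
    "Management": {"Microsoft Graph": {"User.ReadWrite.All", "Group.ReadWrite.All"}},
    "Reporting": {
        "Microsoft Graph": {
            "User.Read.All", "Group.Read.All", "Contacts.Read", "Files.Read.All",
            "Reports.Read.All", "Organization.Read.All", "AuditLog.Read.All",
        },
        "Azure Active Directory Graph": {"Domain.Read.All"},
    },
    "Auditing and Alerting": {"Microsoft Graph": {"AuditLog.Read.All"}},
    "Monitoring": {"Office 365 Management APIs": {"ServiceHealth.Read"}},
    "Content Search": {"Microsoft Graph": {"Mail.Read"}},
}

def token_roles(jwt):
    """Return the 'roles' claim of an app-only access token as a set.
    The signature is not verified: use this only to inspect your own token."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the base64url padding JWTs strip
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def audit(jwt, api, modules):
    """Compare granted permissions for one API with the minimum for the given modules."""
    required = set().union(*(MIN_SCOPE[m].get(api, set()) for m in modules))
    granted = token_roles(jwt)
    return {"missing": sorted(required - granted), "excess": sorted(granted - required)}

def constructed_token(roles):
    """Build an unsigned sample token (constructed test data, not a real credential)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])

if __name__ == "__main__":
    # Constructed sample: Management and Auditing permissions plus one extra grant.
    sample = constructed_token([
        "User.ReadWrite.All", "Group.ReadWrite.All",
        "AuditLog.Read.All", "Directory.ReadWrite.All",
    ])
    print(audit(sample, "Microsoft Graph", ["Management", "Auditing and Alerting"]))
```

Anything reported under `excess` is a grant beyond the documented minimum for the selected modules and is a candidate for removal; run the check once per API, since each access token covers a single resource.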