Required accounts and permissions for a SharePoint scan
For a SharePoint scan, two accounts are to be configured:
The "Process account" is used to execute the scan process on the selected collector. This account must have local administrative rights and interactive logon privileges on the collector.
The "scan account" is used for the actual scan. This account must always be the same as the owner account registered for the site collection (= primary site collection administrator). The corresponding user account is defined when a site collection is created and can only be viewed or changed via the SharePoint central administration.
Navigate in the Central Administration to:
application management -> site collections -> Change site collection administrators -> Selection of the site collection -> Primary site collection administrator
Identify the primary site collection administrator in SharePoint Online