Documentation forAccess Rights Manager

Required accounts and permissions for an Azure AD scan

To perform an Azure AD scan, you must configure two accounts:

Process Account

The "Process account" is used to execute the scan process on the selected collector. This account must have local administrative rights and interactive logon privileges on the collector.

Scan Account

The "scan account" is used for the actual scan. This account must have the permissions described in the section "Prepare Office 365 integration".