Required accounts and permissions for an Azure AD scan
To perform an Azure AD scan, you must configure two accounts:
The "Process account" is used to execute the scan process on the selected collector. This account must have local administrative rights and interactive logon privileges on the collector.
The "scan account" is used for the actual scan. This account must have the permissions described in the section "Prepare Office 365 integration".