Nova Delegation and Policy Control (DPC) uses service accounts to manage tenants and to perform actions on behalf of delegated administrators.
You can review and manage these accounts on the Manage Administration > Service Accounts page.
For a service account to be effective:
- It needs to be a global administrator in the tenant.
- Multi-factor authentication should not be enabled on the account (It is used to programmatically run PowerShell sessions, and therefore cannot be multi-factor authentication enabled). Application passwords are not supported for the service account.
- It must be free from any policies that would restrict its access in the tenant. (For example a Conditional Access Policy that limits basic authentication attempts from internal IP addresses only.)
- It should be dedicated for use with Nova DPC.
If the password of the service account is changed, it must also be changed in Nova DPC.