Overview
This article explains how to create a Read-Only Administrator account in Office 365 for use with Nova. It is important that you complete all the steps. The service account can be created via:
- PowerShell
- Microsoft 365 Admin Center
It is recommended that you use the PowerShell method, as it involves fewer steps. However, at the bottom of this article you can also find steps for doing this via the Admin Portal.
Your organization will not be charged by Microsoft for this account as it does not require an Office 365 licence.
Creating the Service Account using PowerShell
Connecting to Office 365
Before we begin, you need to install the “Microsoft Online Service Module” onto your machine. The “Set up your computer to use Powershell” section of our Connecting to Office 365 using PowerShell blog shows you how to do this.
Now open Windows PowerShell and copy and paste in the following commands to connect to Office 365.
Please enter the username and password of an Office 365 Administrator account when prompted.
$Office365credentials = Get-Credential
Import-Module MSOnline
Connect-MsolService -Credential $Office365credentials
Creating the Service Account
Now that you are connected to Office 365 in PowerShell, we can create the Service account.
Modify the line below and set the company.onmicrosoft.com part to match your own Office 365 .onmicrosoft.com domain and replace the password with a secure password of your own. We recommend a password of 10 characters or more that includes a mixture of capital and lower case letters, numbers and special characters.
New-MSolUser -DisplayName "Service Account for Nova Reporting" -UserPrincipalName "NovaReporting@company.onmicrosoft.com" -Password "Password123" -PasswordNeverExpires $true -ForceChangePassword $false
Next we need to add our new account to the ‘Global reader’ role. You can do this by copying and pasting the following line into the PowerShell window.
Remember to set the company.onmicrosoft.com part to match your Office 365 domain name.
Add-MsolRoleMember -RoleName "Global reader" -RoleMemberEmailAddress NovaReporting@company.onmicrosoft.com
Please note that you will not receive any confirmation if the commands are successful. You can check whether the service account was set up correctly by running the PowerShell commands below:
$role = Get-MsolRole -RoleName "Global reader"
Get-MsolRoleMember -RoleObjectId $role.ObjectId
Creating the Service Account via the Microsoft 365 Admin Center
You can also create the service account via the Microsoft 365 Admin Center; however, you would still need to run a final PowerShell cmdlet to ensure that the password does not expire.
- On the Admin home page, go to Users -> Active users and click the Add a user button
- Enter a Display Name (“Service Account for Nova Reporting”)
- Enter a User Name (“NovaReporting”)
- Ensure that the domain is the company.onmicrosoft.com one
- Select “Let me create a password” and enter a strong one
- Ensure “Require this user to change their password when they first sign in” is NOT ticked
- On the Product licenses page, choose “Create user without product license”
- On the Optional settings page, choose Admin center access and select Global reader
- Review all your data and click Finish adding on the last page
Note
If the password of the service account needs to be changed or is expired, it must be changed in Office and in Tenant Management System Client.
If your company policy allows passwords to never expire, you can set this via PowerShell:
Set-MsolUser -UserPrincipalName NovaReporting@company.onmicrosoft.com -PasswordNeverExpires $true
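Whichever method was used, the account can be audited afterwards to confirm it holds only the Global reader role, is unlicensed, and has the password settings described above. The following is an added example, not part of the original article or of Nova; the function name Test-NovaServiceAccount is hypothetical, and it assumes an existing Connect-MsolService session and the article's placeholder UPN.

```powershell
# Added example: audit the Nova service account after creation.
# Assumes Connect-MsolService has already been run in this session.
function Test-NovaServiceAccount {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [string]$ExpectedRole = 'Global reader'
    )

    # Stop immediately if the account does not exist
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    # Every directory role the account holds, not only the expected one
    $roles = @(Get-MsolUserRole -UserPrincipalName $UserPrincipalName |
               Select-Object -ExpandProperty Name)
    $extra = @($roles | Where-Object { $_ -ne $ExpectedRole })

    # Expectations taken from the steps in this article
    $checks = [ordered]@{
        'Holds expected role'        = $roles -contains $ExpectedRole
        'Holds no other admin role'  = $extra.Count -eq 0
        'No product license'         = -not $user.IsLicensed
        'Password set to not expire' = [bool]$user.PasswordNeverExpires
        'Sign-in not blocked'        = -not $user.BlockCredential
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Check  = $name
            Passed = $checks[$name]
            # List any unexpected roles so they can be removed
            Detail = if ($name -eq 'Holds no other admin role' -and $extra) {
                         $extra -join ', '
                     } else { '' }
        }
    }
}

# Placeholder UPN from the article; replace with your own domain
Test-NovaServiceAccount -UserPrincipalName 'NovaReporting@company.onmicrosoft.com' |
    Format-Table -AutoSize
```

Any row with Passed set to False points at a step that was missed or at a role that should be removed from the account.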