Assign Administrator Roles to Service Account

Grant the following administrator roles to the Service account so that the Service Provider operator can connect to the customer's Microsoft 365 platform for background synchronization:

Role: Application Administrator
Purpose: Automatically creates the Enterprise app, which synchronizes with the M365 tenant and completes the Token Onboarding.
Validation Conditions: This permission is only required during onboarding and can be removed after onboarding. Alternatively, the Service account can request consent from another admin with the Global, Application, or Cloud application roles (see Setup Admin Consent Workflow Permissions).

Role: Domain Name Administrator
Purpose: Creates the M365 custom sub-domain used by the fully automatic DNS provisioning option in the onboarding wizard.
Validation Conditions: This permission is only required during onboarding or when adding a site. It is recommended to keep this permission; however, it can be removed at later stages.

Role: User Administrator
Purpose: Creates a user with a phone system license (M365 Activation user) during onboarding (a Microsoft requirement).
Validation Conditions: This permission is only required during onboarding or when adding a site. It is recommended to keep this permission; however, it can be removed at later stages.

Role: Skype for Business Admin
Purpose: Runs Teams PowerShell.
Validation Conditions: Always required.

The background replication, using either the token or the username and password, connects to Azure with the PowerShell connection string shown below:

    Connect-AzureAD -MsAccessToken $tokens.Item1 -AadAccessToken $tokens.Item3 -AccountId $m365username

Role: Teams Communications Administrator
Purpose: Creates Voice Routes and manages users. In Live Platform, it specifically runs the Background Replication process to sync users and policies, set up LifeCycle management, and assign numbers to users.
Validation Conditions: Always required.

To assign administrator roles:
1. Sign in to the Azure portal with customer tenant Global Admin permissions.
2. Open Azure Active Directory.
3. In the Navigation pane, select Users.
4. In the Users screen, choose the Service account user that you added in Create Customer Service Account.
5. In the Navigation pane, select Assigned Roles.
6. Click Add assignments.
7. Add role Skype for Business Administrator.
8. Click Next.
9. Click Assign.
10. Repeat the process for the Teams Communications Administrator role.
11. For DNS Provisioning only: Repeat the process for the Domain Name Administrator role.
12. For DNS Provisioning only: Repeat the process for the User Administrator role.
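
The following audit is an added example, not part of the original page or the product. It compares the roles held by the Service account with the role list above and flags always-required roles that are missing, onboarding-only roles still assigned, and any role outside the list. It assumes the AzureAD module with an existing Connect-AzureAD session and that the tenant reports the role display names as written on this page; the function names and the sample account name are hypothetical.

```powershell
# Added example (not product code). Role names are copied from this page; that the
# tenant reports identical display names is an assumption.
$Expected = @{
    'Skype for Business Administrator'   = 'AlwaysRequired'
    'Teams Communications Administrator' = 'AlwaysRequired'
    'Application Administrator'          = 'OnboardingOnly'
    'Domain Name Administrator'          = 'OnboardingOrAddSite'
    'User Administrator'                 = 'OnboardingOrAddSite'
}

function Compare-ServiceAccountRoles {          # hypothetical helper
    param([string[]]$Assigned = @(), [hashtable]$Expected)

    # Roles named on this page: missing mandatory roles and removable roles still held.
    foreach ($role in $Expected.Keys) {
        $held = $Assigned -contains $role
        $finding = switch ($Expected[$role]) {
            'AlwaysRequired'      { if ($held) { 'OK' } else { 'MISSING: always required' } }
            'OnboardingOnly'      { if ($held) { 'REVIEW: can be removed after onboarding' } else { 'OK' } }
            'OnboardingOrAddSite' { if ($held) { 'OK: may be removed at later stages' }
                                    else { 'ABSENT: needed when onboarding or adding a site' } }
        }
        [pscustomobject]@{ Role = $role; Held = $held; Finding = $finding }
    }

    # Any other role is more privilege than this page asks for.
    $extra = $Assigned | Where-Object { -not $Expected.ContainsKey($_) }
    foreach ($role in $extra) {
        [pscustomobject]@{ Role = $role; Held = $true; Finding = 'UNEXPECTED: not listed for this account' }
    }
}

function Get-ServiceAccountRoleNames {          # hypothetical helper, needs a live session
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $user = Get-AzureADUser -ObjectId $UserPrincipalName
    # Walk every activated directory role and keep those that list the account as a member.
    Get-AzureADDirectoryRole | Where-Object {
        (Get-AzureADDirectoryRoleMember -ObjectId $_.ObjectId).ObjectId -contains $user.ObjectId
    } | Select-Object -ExpandProperty DisplayName
}

# Constructed sample: the account after onboarding, holding one role outside the list.
$sample = 'Skype for Business Administrator', 'Application Administrator', 'Global Administrator'
Compare-ServiceAccountRoles -Assigned $sample -Expected $Expected | Format-Table -AutoSize

# Against a live tenant ('svc-account@contoso.example' is a placeholder UPN):
# $roles = Get-ServiceAccountRoleNames -UserPrincipalName 'svc-account@contoso.example'
# Compare-ServiceAccountRoles -Assigned $roles -Expected $Expected | Format-Table -AutoSize
```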