Best practices for use of service accounts

Nicol Hanekom · ‎Sep 15 2021

We are fairly early in our journey on the use of Power Platform and SharePoint online. Some devs in the org have done some pretty cool things with Power Platform, Graph etc, but their solutions all run under their own accounts. I'm getting more and more questions now on how we can make these run under a generic service account so that these solutions are not dependent on the dev's account remaining active. Do you guys use service accounts? One account for all solutions? A different account for each solution? How do you license these accounts? Do you give the credentials to devs or is there a way to create a token? Looking for some ideas and best practices. Thanks.

thijoubertold · ‎Sep 15 2021

Very short answer : never give the prod credentials to your devs :)

Short answer : if you want to secure the Graph API requests, you should follow at least :
- One service account (Managed Identity / Enterprise Application) per usage to follow the least privilege principle
- Store your secrets within an Azure Key Vault (you will find a lot of documentation on the Internet)

Other interesting links:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/service-accounts-governing-azur...
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/service-accounts-introduction-a...

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Best practices for use of service accounts

Best practices for use of service accounts

Re: Best practices for use of service accounts