Adaxes

Least Privileged Permissions Adaxes service account

0 votes

Dear Reader, Currently we have Adaxes installed to manage mostly the on-premises user base. However some activities are extended to Office 365.

Here we notice that Adaxes installed a account called "Softerra Adaxes" of the type: service priciple in the Global Administrator group in Azure. Recently we implemented Azure PIM and we're not alowed to have any account with direct access to global admin privlidges then the emergency break glass account.

Basically the question is if we could remove this account from the global admin group and when we do so how will this affect Adaxes?

Thanks in advance, Maarten

by (20 points)

1 Answer

0 votes
by (288k points)

Hello Maarten,

First of all, it is recommended to use an Entra (former Azure AD) app for your Microsoft 365 tenant registration in Adaxes instead of a user account. For details, see https://www.adaxes.com/help/RegisterAdaxesAsAppMicrosoftAzure. If you still want to keep a user account, you can revoke the Global Admin role, but you will have to assign both the User Administrator and Exchange Administrator roles.

Related questions

0 votes
1 answer
How can we minimize permissions of Domain Service Account and still retain Adaxes functionality?

Hello, We have recently begun setting up Adaxes and are trying to exercise least privilege on both of the accounts we have created to manage the service. ... account is also given the appropriate Security Role within the Adaxes administrative console.

asked Sep 12, 2023 by just.kon (20 points)
0 votes
1 answer
What permissions does the service account need to make changes to active directory?

I am working with Adaxes for the first time. Looking to set up the service account so it can actually make changes to AD not just to register the Adaxes Service. I would rather ... the Adaxes service. What I am unable to do is have adaxes make changes to AD.

asked Sep 21, 2022 by mightycabal (1.0k points)
0 votes
1 answer
What is the least set of permissions you can give the program?

Hello, New to this program and we are setting it up now. I wanted to know if there is a least permissions setup for the Service account. I dont want to have an account that ... that can still be a service account for Adaxes and manage limited OU's in my AD.

asked Mar 18, 2022 by LEGIT1 (150 points)
0 votes
1 answer
Adaxes Service Account

Hello We are trying to Demo Adaxes version 2019.01. We created a read only service account but apparently the "account doesn't have enough privileges to register a service ... . Do we need to grant Domain admin to this service account? Why? Thanks Dave

asked Jun 25, 2019 by davidotz8 (120 points)
0 votes
1 answer
Adaxes Service Account

I changed a password on my Domain Admin account yesterday, I come in today and my HelpDesk is reporting the Adaxes interface is reporting an error, "The Username and or ... the MSI, and then remove the Adaxes Service Account, then go back and install it?

asked Jan 24, 2019 by rurbaniak (1.4k points)
3,541 questions
3,232 answers
8,225 comments
547,802 users