AvePoint Docs
Graph API
My support tickets
Graph API
My support tickets
English

    Home > Aviator > Aviator for SharePoint Online > Permissions Required by Destination SharePoint Online > Service Account Permissions

    Export to PDF

    Service Account Permissions

    The Tenant Owner and Service Administrators can also for Microsoft 365 to connect AvePoint Online Services to your Microsoft 365 tenant.

    *Note: Users with Multi-Factor Authentication (MFA) enabled cannot be used as the service account to perform Aviator jobs.

    If you use both the app profile and service account authentications for the destination, there are no permission requirements for the service account.

    If you only use the service account authentication for the destination, make sure the service account meets the following requirements:

    - **Site** **CollectionAdministrator** > ***Note**: If Fly detects that the service account is not the **Site Collection Administrator**, but the service account has the **SharePoint Administrator** or **Global Administrator** role, Fly will automatically add the service account as the **Site Collection Administrator** of the site collection. - **SharePoint** **Administrator** is also required in the following cases: - To create new site collections in the destination during the Aviator job, the destination service account must be the **SharePoint** **Administrator**. - To use the scan profile to scan SharePoint Online site collections in AvePoint Online Services, the service account must be the **SharePoint** **Administrator**. > ***Note**: If the **SharePoint Administrator** cannot access the SharePoint admin center, the **Global Administrator** is required. - If the source or destination is a group site or modern site, make sure the **Deny** permission is removed from the source or destination site.

    To remove the service account from the site collections, refer to the following steps:

    1. Click to download the Remove-SharePointOnlineUser.zip file. Then, extract the file.

    2. In the extracted folder, configure the site collection URLs from which you want to remove the service account in the sites.csv file.

    3. Install the SharePoint Online Management Shell on the Windows Server that can connect to your SharePoint Online. You can click the to download the SharePoint Online Management Shell.

    4. Open Windows PowerShell and enter the following commands in the Windows PowerShell window:

      . "file path"

      Replace file path with the full path of the Remove-SharePointOnlineUser.ps1 file in the extracted folder, and press Enter on the keyboard.

      The Remove-SharePointOnlineUser.ps1 file.

    5. Enter the following commands, and press Enter on the keyboard:

    Remove-SharePointOnlineUser -LoginName "" -AdministrationCenterUrl "" -Path ""

    - **LoginName** **" "** – The service account you want to remove. - **AdministrationCenterUrl** **" "** – The SharePoint Online admin center URL. - **Path " "** – The full path of the CSV file where the site collection URLs are configured. If you want to remove the service account from all site collections in the admin center, you do not need to enter the `-Path ""` parameter.