Link to home
Start Free TrialLog in
Avatar of Taylor Huckstep
Taylor HuckstepFlag for United States of America

asked on

Azure AD - Email Account

I have a generic email account i want to eliminate, and I'm not an Azure AD expert.  My IT guys are telling me they can't eliminate that email account because it's tied to Azure AD, and if they do, it might break things.  How can I investigate this generic account.  It poses a security risk as I'd prefer NOT to have that generic account used as a service account.  If IT guys leave, I don't want them taking that login credential with them.

Is there any truth to an email account being needed for Azure AD to function?  We have an On Premise AD DS that syncs with Azure AD and Office 365.

Thanks.
ASKER CERTIFIED SOLUTION
Avatar of Jeremy Weisinger
Jeremy Weisinger
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Taylor Huckstep
Taylor Huckstep
Flag of United States of America image

ASKER

We don't pay for Azure AD to my knowledge, so no subscription there.  We pay for Office 365 of course.  Where should I go look for information for Azure AD subscriptions tied to this email?
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image
Azure AD is part of the Office 365 subscription..  as far as a generic email do you mean something like sales@example.com ? or is it an alternate email address i.e. myaccount@hotmail.com ?
Avatar of Nico S
Nico S
You need to do this on Powershell.
Get-AzureADDirectoryRole | where {$_.DisplayName -eq "Directory Synchronization Accounts"} | Get-AzureADDirectoryRoleMember

Open in new window

See other details.
Azure AD service account
Avatar of Taylor Huckstep
Taylor Huckstep
Flag of United States of America image

ASKER

example@companyname.com is the generic account name, and Microsoft said the Azure AD subscription is under that account.  Though we don't pay separately for Azure AD services.  They indicated I couldn't remove it, kind of confirming what my guys were saying.  I just need to know if I can disable that account in AD DS without affecting AAD services, or if I need to have this generic account with god like powers over Azure AD.  That's my concern.

That account is a global administrator in AAD.
SOLUTION
Avatar of Jeremy Weisinger
Jeremy Weisinger
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Taylor Huckstep
Taylor Huckstep
Flag of United States of America image

ASKER

Thank you, I also simultaneously had asked Microsoft Support to look at the account and they confirmed what you stated.  I can safely disable, but not delete the account used to subscribe to Azure AD, and it doesn't need any special licenses or permissions assigned, thank you!