Showing results for 
Search instead for 
Did you mean: 
Frequent Visitor

Security considerations for Flow connections - Using a Service Account

We are after some best practise guidance for managing Flow connections. I have read few suggestions to use a 'service account' rather than 'personal credentials' when creating Flow. This seems to be a sensible solution e.g. consider the implications of a user with Global Admin rights creating a Flow having connections that use their own credentials. 


However, we have some questions as below. Could anybody who use a service account today share their experience as whether it's been good solution.


- Using a service account comes with additional cost as account itself would require O365 license. I am thinking at least an E3 license to provide the service account access to SharePoint (to update list items) and Exchane Online (for ability to send emails).

- One service account used across many Flows would end up with many permissions e.g. A service account having permissions to many different SharePoint sites.

- How multi-factor authentication would apply to this Service Account. Would this account need to bypass MFA.







Helpful resources

Microsoft Ignite

Microsoft Ignite

Join digitally, March 2–4, 2021 to explore new tech that's ready to implement. Experience the keynote in mixed reality through AltspaceVR!

New Super Users

Meet the Power Automate Super Users!

Many congratulations to the Season 1 2021 Flownaut Crew!

New Badges

New Solution Badges!

Check out our new profile badges recognizing authored solutions!

MPA Community Blog

Power Automate Community Blog

Check out the community blog page where you can find valuable learning material from community and product team members!

Users online (42,926)