When I was building my first SharePoint farm on Azure, I read somewhere that different service accounts were necessary for the various services!
So I asked myself: why do I need to create separate service accounts if I can just use the farm account instead?
Luckily, I found the article where Eric has nicely explained the purpose of separate service accounts in SharePoint, though my next question was: why do we need to follow the least-privileged account principle?
After thinking it over, I came to regard a SharePoint farm as one organization. Imagine the farm account as the CEO of the entire organization, with the service accounts as managers of the various projects (services). Even though the CEO has all the rights, he will be extremely busy and will normally perform administrative duties, whereas the managers (service accounts) will manage only their project-related tasks. So the CEO delegates tasks to his subordinate managers and assigns responsibilities to them accordingly, without giving them responsibilities for other projects.
So, to run your SharePoint farm as securely and controllably as possible, it's recommended to follow the best practices given by Microsoft by using different accounts with only the necessary privileges. With that, things became clearly understandable to me.
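One way to check a farm against this recommendation, as an added example that is not part of the original post: the script lists the account behind each service application pool and web application pool and flags any that run as the farm account. It assumes it is run in the SharePoint Management Shell on a farm server by an account with farm administrator rights.

```powershell
# Added example: audit which identities run SharePoint application pools.
# Assumption: executed on a SharePoint server by a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# The farm account (the "CEO" in the analogy above).
$farmAccount = (Get-SPFarm).DefaultServiceAccount.Name

$pools = @()

# Application pools that host service applications (Search, Managed Metadata, ...).
$pools += Get-SPServiceApplicationPool | ForEach-Object {
    [pscustomobject]@{
        Kind    = 'ServiceAppPool'
        Name    = $_.Name
        Account = $_.ProcessAccountName
    }
}

# Application pools that host content web applications.
# Central Administration is not returned here; it runs as the farm account by design.
$pools += Get-SPWebApplication | ForEach-Object {
    [pscustomobject]@{
        Kind    = 'WebAppPool'
        Name    = $_.ApplicationPool.Name
        Account = $_.ApplicationPool.Username
    }
}

# Several web applications can share one pool, so de-duplicate before reporting.
# -eq compares strings case-insensitively, which suits DOMAIN\user account names.
$report = $pools |
    Sort-Object -Property Kind, Name -Unique |
    Select-Object Kind, Name, Account,
        @{ Name = 'RunsAsFarmAccount'; Expression = { $_.Account -eq $farmAccount } }

$report | Format-Table -AutoSize

# Summarise the pools that should be moved to a dedicated managed account.
$violations = @($report | Where-Object { $_.RunsAsFarmAccount })
if ($violations.Count -gt 0) {
    Write-Warning ("{0} application pool(s) run as the farm account {1}." -f $violations.Count, $farmAccount)
} else {
    Write-Output "No service or web application pool runs as the farm account."
}
```

Any pool flagged here gives the code it hosts the farm account's rights across the whole farm, so it is a candidate for its own managed account.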
Enjoy Run of SharePoint!