Enrolling a service account with Admin rights gives it full access to an assigned application or a VM. A holder of service account access can perform critical actions such as delete, update, and change settings without user intervention. For this reason, it's recommended that service accounts not have Admin rights.
  • Recommended Mitigation

    Change the service account's role to restrict admin privileges.
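
One way to check for this condition, as an added example that is not part of the original page: the script below scans an IAM policy document and reports every service account bound to an admin-level role. It assumes the Google Cloud IAM policy JSON layout (`bindings` with `role` and `members`), which the page does not name, and its rule for what counts as an admin role is also an assumption. The project and account names are constructed.

```python
import json

# Assumption: which roles count as "Admin rights". The page does not list them,
# so this flags the broad basic roles plus any role whose name contains "admin".
BROAD_ROLES = {"roles/owner", "roles/editor"}

def is_admin_role(role):
    """True for owner/editor or any predefined or custom role named *admin*."""
    short_name = role.rsplit("/", 1)[-1].lower()
    return role in BROAD_ROLES or "admin" in short_name

def find_admin_service_accounts(policy):
    """Return sorted (service_account, role) pairs that hold an admin role."""
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if not is_admin_role(role):
            continue
        for member in binding.get("members", []):
            # Only service accounts are in scope; users and groups are skipped.
            kind, _, identity = member.partition(":")
            if kind == "serviceAccount":
                findings.add((identity, role))
    return sorted(findings)

# Constructed sample policy (hypothetical project and account names).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:alice@example.com",
                 "serviceAccount:deploy@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/compute.admin",
     "members": ["serviceAccount:vm-runner@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:reader@example-project.iam.gserviceaccount.com"]},
    {"role": "projects/example-project/roles/customAdmin",
     "members": ["serviceAccount:deploy@example-project.iam.gserviceaccount.com"]}
  ]
}
""")

if __name__ == "__main__":
    for account, role in find_admin_service_accounts(SAMPLE_POLICY):
        print(f"FINDING: {account} holds {role}")
```

On Google Cloud, the same dictionary can be loaded from the output of `gcloud projects get-iam-policy PROJECT_ID --format=json`, where `PROJECT_ID` is a placeholder.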