Keepit uses the OAuth 2.0 authorization grant flow to get permissions to access Microsoft. This flow allows the Global administrator to share protected content from Microsoft 365 without sharing their credentials. 

When you authenticate your connector with Global admin credentials, Keepit sends you to Microsoft to grant permissions to Keepit. After you approve Keepit's request, you are redirected back to Keepit with an authorization code that allows Keepit to access the data it needs to back up. 

At no point during this process does Keepit receive or store your credentials, so you can rest assured that your credentials are completely secure.

For more information about authentication in Microsoft identity platform, see: Authentication vs. authorization

For more information about the OAuth 2.0 client credentials flow, see: Microsoft identity platform and the OAuth 2.0 client credentials flow