Keepit uses the OAuth 2.0 authorization grant flow to get permissions to access Microsoft. This flow allows the Global administrator to share protected content from Office 365 without sharing their credentials. 

When you log in to Keepit with Global admin credentials, Keepit sends you to Microsoft to grant permissions to Keepit. After you approve Keepit's request, you are redirected back to Keepit with an authorization code that allows Keepit to access the data it needs to back up. 

At no point during this process does Keepit receive or store your credentials, so you can rest assured that your credentials are completely secure.

For more information about authentication in Microsoft identity platform, see: https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios

For more information about the OAuth 2.0 client credentials flow, see: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow