Requirements for general backup
The Microsoft 365 service account used to handle the backup must be assigned the Global administrator role.
Requirements for activity logs backup
To back up Azure AD activity logs, at least one of the users on the tenant must have an appropriate license and role:
- Azure AD Premium 1 or Premium 2 license to access the Azure AD sign-in logs in the Azure portal.
- Global Administrator or Security Administrator access for the Azure AD tenant.
Create an Azure AD connector
Important: Before you begin, please make sure you are signed out of all personal Microsoft accounts and are only signed into the account you will be using for backup. Otherwise, please sign in to Keepit in an incognito window.
1. On the Connectors page, in the lower-right corner, select Add connector > Add Azure AD сonnector.
2. Select Sign in to be redirected to the Microsoft sign-in page. Enter the M365 credentials for your global admin service account.
3. Read through the permissions and allow access by selecting Accept.
Note: You will only be asked for permissions the first time you create a connector. After that, Keepit retains the permissions it needs.
4. You will be redirected back to Keepit where you can configure your connector.
Here you can:
- Change the name of the connector
- Configure the backup of logs by selecting the gear icon next to Activity Logs
- Manage user access to the connector by selecting the lock icon
- Limit the retention period by selecting the calendar icon
5. Select Create. Your connector will be created and the first backup will be scheduled.