Requirements for general backup

The Microsoft 365 service account used to handle the backup must be assigned the Global administrator role.

Requirements for activity logs backup (for Azure AD Advanced)

To back up Azure AD activity logs, at least one of the users on the tenant must have an appropriate license and role:

  • Azure AD Premium 1 or Premium 2 license to access the Azure AD sign-in logs in the Azure portal.
  • Global Administrator or Security Administrator access for the Azure AD tenant.

Create an Azure AD connector

Important: Before you begin, please make sure you are signed out of all personal Microsoft accounts and are only signed into the account you will be using for backup. Otherwise, please sign in to Keepit in an incognito window.

1. On the Connectors page, in the upper-right corner, select + Add connector > Add Azure AD сonnector

2. Select Sign in to be redirected to the Microsoft sign-in page. Enter the M365 credentials for your global admin service account. 

3. Read through the permissions and allow access by selecting Accept.

Note: You will only be asked for permissions the first time you create a connector. After that, Keepit retains the permissions it needs.  After the initial connector creation, we retain the necessary permissions for ongoing backups, reducing the need for repeated authorization.

4. You will be redirected back to Keepit where you can configure your connector.

Here you can:

For Azure AD Advanced, by default all data areas will be included. Here you can customize the backup:

  • Configure the backup of logs by clicking the gear icon next to Activity Logs
    Here you can also specify how many hours or days of activity logs to include in the initial backup.
    Important: Limiting the backup's activity log time span may shorten the initial backup duration.
  • Configure the backup of policies by clicking the gear icon 

5. Select Create. Your connector will be created and the first backup will be scheduled.