Requirements for general backup

The Microsoft 365 service account used to handle the backup must be assigned the Global administrator role.

Requirements for activity logs backup (for Entra ID Advanced)

To back up Entra ID activity logs, at least one of the users on the tenant must have an appropriate license and role:

  • Entra ID Premium 1 or Premium 2 license to access the Entra ID sign-in logs in the Microsoft Entra portal.
  • Global Administrator or Security Administrator access for the Entra ID tenant.

Create an Entra ID connector

Important: Before you begin, please make sure you are signed out of all personal Microsoft accounts and are only signed into the account you will be using for backup. Otherwise, please sign in to Keepit in an incognito window.

1. On the Connectors page, in the upper-right corner, select + Add connector > Add Entra ID —Āonnector

2. Select Sign in to be redirected to the Microsoft sign-in page. Enter the M365 credentials for your global admin service account. 

3. Read through the permissions and allow access by selecting Accept.

Note: You will only be asked for permissions the first time you create a connector. After that, Keepit retains the permissions it needs.  After the initial connector creation, we retain the necessary permissions for ongoing backups, reducing the need for repeated authorization.

4. You will be redirected back to Keepit where you can configure your connector.

Here you can:

For Entra ID Advanced, by default all data areas will be included. Here you can customize the backup:

  • Configure the backup of logs by clicking the gear icon next to Activity Logs
    Here you can also specify how many hours or days of activity logs to include in the initial backup.
    ImportantLimiting the backup's activity log time span may shorten the initial backup duration.
  • Configure the backup of policies by clicking the gear icon 

5. Select Create. Your connector will be created and the first backup will be scheduled.