Requirements for general backup

The Microsoft 365 service account used to handle the backup must be assigned the Global administrator role.

Requirements for activity logs backup (for Entra ID Advanced)

To back up Entra ID activity logs, at least one of the users on the tenant must have an appropriate license and role:

  • Entra ID Premium 1 or Premium 2 license to access the Entra ID sign-in logs in the Microsoft Entra portal.
  • Global Administrator or Security Administrator access for the Entra ID tenant.


Create an Entra ID connector

For users with Entra ID Advanced, we recommend creating separate connectors for Activity Logs. You can use the same global administrator account to create each connector.

Before you begin: Ensure you are signed out of all personal Microsoft accounts and only signed into the account you will use for backup. Alternatively, sign in to Keepit using an incognito window.

1. On the Connectors page, in the upper-right corner, select Add connectorAdd Entra ID сonnector

2. Select Sign in to be redirected to the Microsoft sign-in page. Enter the M365 credentials for your global admin service account. 

3. Review the permissions and select Accept to allow access.

Note: You will only be asked for permissions the first time you create a connector. After that, Keepit retains the necessary permissions for ongoing backups, reducing the need for repeated authorization.

4. You will be redirected back to Keepit to configure your connector. 

Here you can:

For Entra ID Advanced:

  • Configure the backup of logs by clicking the gear icon next to Activity Logs
    Here you can also specify how many hours or days of activity logs to include in the initial backup.
    Important: Limiting the backup's activity log time span may shorten the initial backup duration.
  • Configure the backup of policies by clicking the gear icon 

5. Select Create. Your connector will be created and the first backup will be scheduled.