Global admin necessary for connector creation
A dedicated Microsoft service account with the Global administrator role must be used to create an Azure AD connector and to start the backup.
This is necessary for Keepit to access the data and include it in the backup.
Remove the Global admin role
After the connector has been created, the Global admin role can be removed from the user and the backup will continue to run successfully. You do not need to wait for the initial backup to complete to remove the Global admin role.
The user can be assigned a different admin role or can be made a regular user with no admin center access.
To remove the Global admin role:
1. In the Microsoft 365 admin center, navigate Users > Active users.
2. From the list of users, find and select the Global admin user used to set up the backup.
3. Under Roles select Manage roles.
4. Select User (no admin center access) or desired admin role.
5. Select Save changes.
Re-authenticating your connector
To re-authenticate your connector, you will need to re-assign the Global admin role to the user before you authenticate. After you authenticate you can again remove the Global admin role.
Instances when you may need to re-authenticate your connector:
- If you need to update your credentials because your Microsoft 365 session expired and authentication between Microsoft and Keepit is no longer valid
- If you re-authenticate your connector using the re-authenticate key icon on the configuration screen because you have authorized your connector with the wrong Global admin account