To set up a Dynamics 365 connector, ensure the service account has the Global administrator role and a valid Dynamics license. For detailed instructions, see: Set up your Dynamics 365 backup
After creating the connector, you can remove the Global admin role from the service account without disrupting the backup process.
However, to maintain uninterrupted backups, follow these crucial steps.
Important: Removing the Global admin role means you'll need to reassign it when reauthenticating a connector, as Global admin rights are necessary for this process.
I. Prepare a service account admin to use to create the connector.
Your Microsoft service account needs to have two roles assigned: Global Administrator and Dynamics 365 Administrator.
- Sign in to the Microsoft 365 admin center as an admin.
- In the left-hand menu, navigate to Active users under Users.
- Select the user and click Manage roles.
- Select Global Administrator and Dynamics 365 Administrator.
- Click Save changes.
II. Create a Dynamics 365 connector with the authorization of this service account.
For details on how to add a Dynamics 365 connector, refer to: Set up your Dynamics 365 backup
III. Remove Global Admin and add Power Platform Admin roles.
After your connector has been created, you can immediately remove the GA role. You do not have to wait for the initial backup to complete.
- Sign in to the Microsoft 365 admin center as an admin.
- In the left-hand menu, navigate to Active users under Users.
- Select the user and click Manage roles.
- Deselect Global Administrator.
- Select Power Platform Administrator.
- Click Save changes.
IV. Ensure the user has a System Admin role in the Power Platform center for each environment you want to back up.
- In the left-hand menu of the Microsoft admin center, select Show all > All admin centers.
- Select the Dynamics 365 Apps, which will direct you to the Power Platform admin center.
- Under Environments, select the environment you want to backup.
- In the Access section, under Users, select See all.
- Ensure that the service account is listed among the users.
a. If the user is missing, in the upper-left corner, click Add user and enter the user's name. - Verify that your user has the System Administrator role enabled.
a. Select the user and click Manage roles.
b. If the user does not have the System Administrator role, select it and click Save.
Note: Repeat for each environment you want to back up.
Now your backups will run without the Global admin role.