When is the Global Admin role required for Entra ID backup service account? : Help Center

A dedicated Microsoft service account with the Global Admin role is required for creating and reauthenticating Entra ID connectors, as well as for certain backup and restore operations.

When do I need a Global Admin?

Connector creation
A Global Admin role is required to create an Entra ID connector and start the initial backup. This ensures Keepit has the necessary permissions to access and back up your data.

Connector reauthentication

You may need to reauthenticate your connector in the following cases:

Your Microsoft 365 session expires, making the authentication between Microsoft and Keepit invalid.
You used the wrong Global Admin account when authorizing the connector and need to reauthenticate via the Reauthenticate key icon in the configuration window.
Keepit updates the product to leverage new Microsoft product capabilities, requiring updated permissions.

Backup of BitLocker recovery keys
A Global Admin is required to properly back up BitLocker recovery keys.

Restore of groups and users
A Global Admin is required for the proper restoration of Entra ID groups and users.

When is the Global Admin role required for Entra ID backup service account?

When do I need a Global Admin?

Related Articles