A dedicated Microsoft service account with the Global Administrator role is required for creating Entra ID connectors, reauthenticating connectors, and performing certain backup and restore operations.


In what cases do I need a global admin?

  • Connector creation
    A Global administrator role must be used to create an Entra ID connector and to start the initial backup. This is necessary for Keepit to access the data and include it in the backup.

  • Connector reauthentication
    Instances when you may need to reauthenticate your connector:
    • If your Microsoft 365 session expires and the authentication between Microsoft and Keepit is no longer valid.

    • If you reauthenticate your connector using the reauthenticate key icon on the configuration window because you authorized your connector with the wrong Global admin account
    • If Keepit updates our product to take advantage of new Microsoft product capabilities that require changes to the permissions we request from the service 

  • Backup of BitLocker recovery keys
    A Global admin is needed to properly backup BitLocker recovery keys.

  • Restore of groups and users
    A Global admin is required for the proper restore of Entra ID groups and users.