Skip to main content
Tenant Registration FAQs

Quick answers related to global admin creds, app, permissions, KMS, and user deployment.

Updated over a week ago

Following are some of the most frequently asked questions for tenant registration.

Why do I need global admin credentials?

Global admin credentials are required to give consent to the required permissions to install the Druva App so it can perform backup and restore. The global admin role can be reduced to a normal user role later.

Global admin credentials are the highest level of permissions in Microsoft 365.

How to decide which app to install?

The set of permissions Druva requires differs depending on the apps you want to protect.

Depending on the Microsoft 365 Apps you want to protect, select the appropriate Druva App.

  • Advanced (Includes Multi-Geo) - Backs up the data for Exchange Online, Groups, OneDrive, Public folder, SharePoint, Teams

  • Basic - Backs up the data for Exchange Online, OneDrive, Public folder, SharePoint, Teams
    Use the Basic app when you want to protect this data without providing the Directory.ReadWrite.All permission.

  • Exchange Online & Public folder - Backs up the data for Exchange Online and Public folder

  • OneDrive & SharePoint - Backs up the data for OneDrive and SharePoint

What are the different permissions required to install the Druva App?

Each app requires different permissions depending on the workloads you are protecting. Druva requires the following permission types:

  • Application: Allows to perform actions using admin-driven consent.

  • Delegated: Allows to perform actions on behalf of a particular user.

For more detailed list of all permissions, see Microsoft 365 Permissions.

Why is Cloud Key Management required?

Cloud Key Management system is required to run scheduled backups wherein the data is encrypted.

Druva requires access to the data encryption key (ekey) to encrypt the user data during backups. The Cloud Key Management utilizes the AWS Cloud Key Management System (AWS KMS) to generate a Data Key. The Data Key is then used to encrypt the ekey. The encrypted key is then stored in the Druva Cloud. During the scheduled backup, the encrypted key in combination with the Data Key, is used to obtain the ekey required to run the scheduled backups. By default, the Cloud Key Management system is selected for data protection.

Why is Cloud Key Management recommended for data encryption?

Cloud Key Management system has the following benefits:

  • Remove dependency on AD Connector for scheduled backups for SaaS Apps.

  • Remove the risk of all backups failing in case of AD connector disconnections.

  • Reduce the risk of non-availability of backups in case of a ransomware attack.

  • Strict adherence to backup SLAs by removing the risk of backup interruptions due to environment maintenance.

How do I change the user deployment method?

Azure AD user deployment method is configured by default. You can change it later from the Overview page. You can change the user deployment method to SCIM or AD/LDAP.

How to reconnect a disconnected app?

To reconnect the app, you need to reconfigure it with global admin credentials.

  1. On the Overview page, click Re-Configure.

  2. On the Re-Configure for Backup page, click the three-dots menu, and click Re-Configure beside the app type that you want to reconfigure.

๐Ÿ“Œ Additional information

For detailed steps, see Configuration Guide.


Did this answer your question?