Permissions required for Microsoft Entra ID

This article provides the permissions that Druva needs to back up Microsoft Entra ID data.

Updated over 6 months ago

ℹ️ Info

Druva uses .ReadWrite.All to create, read, or update data in Microsoft Entra ID.

Druva uses .Read.All to read data from Microsoft Entra ID.


| ObjectName/API | API permissions | Permission type | Usage |
| --- | --- | --- | --- |
| Users | User.ReadWrite.All, User.Read.All | Application | To back up and restore user objects |
| groups | Group.ReadWrite.All, Group.Read.All, GroupMember.ReadWrite.All | Application | To back up and restore group objects and their members/owners |
| applications | Application.ReadWrite.All, Application.Read.All | Application | To back up and restore application objects and their members/owners |
| servicePrincipals | Application.ReadWrite.All, Application.Read.All, AppRoleAssignment.ReadWrite.All | Application | To back up and restore enterprise application objects and their members/owners |
| devices | Device.Read.All | Application | To back up device objects and their owners |
| directoryRole | RoleManagement.ReadWrite.Directory, RoleManagement.Read.Directory | Application | To back up built-in directory roles and their assignments/members |
| Custom Roles | RoleManagement.Read.Directory, RoleManagement.ReadWrite.Directory | Application | To back up and restore custom roles and their assignments/members (P2/E3/E5 license is required) |
| User Setting (Authorization Policy) | Policy.Read.All, Policy.ReadWrite.Authorization | Application | To back up and update user settings |
| TenantSetting | Directory.Read.All, Policy.ReadWrite.SecurityDefaults, DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfig.ReadWrite.All, Organization.ReadWrite.All | Application | To back up and update tenant settings, and to get company branding and organization information |
