Skip to main content

Permissions required for Microsoft Entra ID

This article provides the permissions that Druva needs to back up Microsoft Entra ID data.

Updated yesterday

ℹ️ Info

Druva uses .ReadWrite.All to create, read, or update data in Microsoft Entra ID.

Druva uses .Read.All to read data from Microsoft Entra ID.

Users

API permissions

Permission type

Usage

User.ReadWrite.All

User.Read.All

Application

To backup and restore user objects

Groups

API permissions

Permission type

Usage

Group.ReadWrite.All

Group.Read.All

GroupMember.ReadWrite.Al

Application

To backup and restore group objects and their members/owners

Applications

API permissions

Permission type

Usage

Application.ReadWrite.All Application.Read.All

Application

To backup and restore application objects and their members/owners

ServicePrincipals

API permissions

Permission type

Usage

Application.ReadWrite.All Application.Read.All

AppRoleAssignment.ReadWrite.All

Application

To backup and restore enterprise applications objects and their members/owners

Devices

API permissions

Permission type

Usage

Device.Read.All

Application

To backup device objects and their owners

directoryRole

API permissions

Permission type

Usage

RoleManagement.ReadWrite.Directory

RoleManagement.Read.Directory

Application

To backup inbuilt directory roles and their assignments/members

Custom Roles

API permissions

Permission type

Usage

RoleManagement.Read.Directory

RoleManagement.ReadWrite.Directory

Application

To backup and restore custom roles and their assignments/members (P2/E3/E5 license is required)

User Setting(Authorization Policy)

API permissions

Permission type

Usage

Policy.Read.All

Policy.ReadWrite.Authorization

Application

To backup and update user settings

TenantSetting

API permissions

Permission type

Usage

Directory.Read.All Policy.ReadWrite.SecurityDefaults, DeviceManagementServiceConfig.Read.All DeviceManagementServiceConfig.ReadWrite.All

Organization.ReadWrite.All

Application

To backup and update tenant settings, getting company branding, organization information

Administrative Unit

API permissions

Permission type

Usage

AdministrativeUnit.ReadWrite.All

AdministrativeUnit.Read.All

Application

To backup and restore administrative units and manage membership (users/groups) inside them.

Conditional Access policy

API permissions

Permission type

Usage

Policy.ReadWrite.ConditionalAccess

Policy.Read.ConditionalAccess

Application

To backup and restore conditional access policies

Related Articles
Microsoft 365 Permissions for Druva App
Introduction to Microsoft Entra ID Data Protection
Configure backup for your Microsoft Entra ID tenant’s data
Microsoft Entra ID backup and restore FAQs
Druva Microsoft Entra ID Jobs Page
Did this answer your question?