This documentation is useful for the following roles - Microsoft 365 Global Admin & Microsoft 365 Privileged Role Administrators. 

Valid from v.25.8.1

Preserve365 relies on Microsoft Entra ID (formerly Azure AD) to manage who can do what inside the application. By assigning application roles through Security Groups, you keep control within your existing Microsoft 365 identity model. There are no parallel accounts or ad-hoc permissions to manage.

This setup ensures:

• Users authenticate with their normal Microsoft 365 account.

• Permissions are centrally managed through Entra, consistent with your wider security model.

• Access is scalable and auditable, aligned with enterprise best practice.

Prerequisites

To assign Preserve365 roles using Security Groups, you’ll need rights to create and manage role-assignable security groups in Microsoft Entra.

• At minimum, this requires the Privileged Role Administrator role.

• A Global Administrator (or equivalent) will also have sufficient permissions.

• If you don’t hold these rights, this task is typically handled by your senior IT administrator, cloud security lead, or identity/access management team.

Preserve365 Roles

The following application roles are available in the Preserve365 Enterprise Application:

• Preserve365 Administrator – Configure system settings and manage overall behaviour.

• Preserve365 Actions Manager – Perform bulk actions from the Admin Dashboard, such as bulk preservation.

• Preserve365 Copy – Copy records into the preservation library.

• Preserve365 Move – Move records into the preservation library.

Assigning Roles to Users

Preserve365 roles are best managed via Security Groups rather than direct user assignment. This makes access simpler to manage and easier to scale.

Step 1: Create Microsoft Entra Security Groups

1. Go to Microsoft Entra admin centre → Groups.

2. Click New group.

3. Configure the group as follows:

   • Group type: Security

   • Group name: e.g., Preserve365 Administrators

   • Description: e.g., Grants users permission to configure settings and manage system behaviour in Preserve365

   • Microsoft Entra roles can be assigned to the group: No

   • Membership type: Assigned

4. Repeat this process for each role:

   • Preserve365 Actions Manager

   • Preserve365 Copy

   • Preserve365 Move

Step 2: Assign Security Groups to Preserve365 Roles

1. In Entra → Enterprise Applications, select Preserve365.

2. Click Assign users and groups → Add user/group.

3. Under Users and groups, select the relevant Security Group (e.g., Preserve365 Administrators).

4. Under Select a role, choose the matching role (e.g., Preserve365 Administrator).

5. Repeat this process for the remaining Security Groups and roles.

Next Step: Assigning Users (when requested)

With the Preserve365 Enterprise Application installed and role-based Security Groups created, your part of the setup is complete for now.

When your compliance, records, or archive managers are ready to start using Preserve365, they will ask you to assign specific Microsoft 365 users (or Security Groups) to the appropriate roles you’ve prepared.

How to assign a Preserve365 role

In this example, we will assume you wish to assign a MS365 user the role of Preserve365 Administrator.

1. In Microsoft Entra admin centre → Enterprise Applications, select Preserve365.

2. Click Assign users and groups → Add user/group.

3. Under Users and groups, select the person you want to assign as Administrator.

4. Under Select a role, choose Preserve365 Administrator.

5. Click Assign.