반품
-
제목
What permissions are required to restore Conditional Access Policies? -
설명
Access denied error when trying to restore conditional access policy. Also, in the logs is seen that the account used for restoring is the account that was originally used to grant consent and there is no option for changing this account to use a different one. -
해결 방안
To restore Conditional Access Policies On Demand Recovery requires the use of delegated token (impersonating the user who originally granted the consent to ODR's restore app). This is why this account is always impersonated when attempting to restore. If you want to use a different account you would have to regrant consent to the restore app logged on as the account that you plan to use for restores moving forward.
To restore Conditional Access Policy the account must have the Conditional Access Administrator role.
The following online technical documentation provides a list of permissions required to perform specific On Demand Recovery tasks:
https://support.quest.com/technical-documents/on-demand-recovery/current/user-guide/2#TOPIC-2164725