Configurations by Authentication Method (SaaS)

  • Last update on April 17th, 2026

Table of Contents

This article applies exclusively to Configuration Manager SaaS.

 

Find below the configurations managed with 

  • Service Principal
  • User authentication

Configurations managed with Service Principal

  • Defender > Settings > Email & Collaboration > Priority Account Protection
  • Entra ID > Administrative Units
  • Entra ID > Administrative Units > Members
  • Entra ID > App Registrations
  • Entra ID > App Registrations > Secrets
  • Entra ID > App Registrations > Token Lifetime Policies
  • Entra ID > Applications > Policies
  • Entra ID > Authorization Policies
  • Entra ID > Conditional Access > Terms of Use
  • Entra ID > Custom Security Attributes
  • Entra ID > Custom Security Attributes > Allowed Values
  • Entra ID > Directory Settings
  • Entra ID > Enterprise Applications
  • Entra ID > Enterprise Applications > Claims Mapping Policies
  • Entra ID > Enterprise Applications > Consent and Permissions > Admin Consent Settings
  • Entra ID > Enterprise Applications > Home Realm Discovery Policies
  • Entra ID > Enterprise Applications > Token Lifetime Policies
  • Entra ID > External Collaboration Settings
  • Entra ID > External Collaboration Settings > Authentication Method Configurations
  • Entra ID > External Identities > Cross-tenant Access Settings > Default Settings
  • Entra ID > External Identities > Cross-tenant Access Settings > Microsoft Cloud Settings
  • Entra ID > External Identities > Cross-tenant Access Settings > Organizational Settings
  • Entra ID > External Identities > Cross-tenant Access Settings > Organizational Settings > Identity Synchronization
  • Entra ID > Feature Rollout
  • Entra ID > Feature Rollout > Applies to
  • Entra ID > Groups
  • Entra ID > Groups > Expiration
  • Entra ID > Groups > Members
  • Entra ID > Groups > Owners
  • Entra ID > Home Realm Discovery Policies
  • Entra ID > Identity Governance > Connected Organizations
  • Entra ID > Identity Governance > Connected Organizations > External Sponsors
  • Entra ID > Identity Governance > Connected Organizations > Internal Sponsors
  • Entra ID > Licenses > All Products
  • Entra ID > Organization (Company Branding)
  • Entra ID > Organization (Company Branding) > Branding > Localizations
  • Entra ID > Organization > Certificate-based Authentication
  • Entra ID > Privileged Identity Management > Entra Roles > Access Reviews
  • Entra ID > Privileged Identity Management > Entra Roles > Assignments
  • Entra ID > Privileged Identity Management > Policies and Rules
  • Entra ID > Privileged Identity Management > Policies and Rules > Rules
  • Entra ID > Roles and Administrators
  • Entra ID > Security > Conditional Access > Authentication Contexts
  • Entra ID > Security > Conditional Access > Authentication Strengths
  • Entra ID > Security > Conditional Access > Named Locations
  • Entra ID > Security > Conditional Access > Policies
  • Entra ID > Security > Identity Protection > Users at Risk Detected Alerts
  • Entra ID > Users
  • Entra ID > Users > User Settings > External Users
  • Intune > Apps
  • Intune > Apps > App Configuration Policies
  • Intune > Apps > App Protection Policies (Platform = Android)
  • Intune > Apps > App Protection Policies (Platform = iOS/iPadOS)
  • Intune > Apps > App Protection Policies (Platform = Windows 10)
  • Intune > Devices > Compliance > Policies
  • Intune > Devices > Compliance > Scripts
  • Intune > Devices > Compliance Policies > Compliance Policy Settings
  • Intune > Devices > Compliance Policies > Notifications
  • Intune > Devices > Compliance Policies > Notifications > Localized Notification Messages
  • Intune > Devices > Configuration Profiles
  • Intune > Devices > Configuration Profiles (Import ADMX)
  • Intune > Devices > Configuration Profiles (Profile Type = Administrative Templates)
  • Intune > Devices > Configuration Profiles (Profile Type = Administrative Templates) > Assignments
  • Intune > Devices > Configuration Profiles (Profile Type = Administrative Templates) > Definition Values
  • Intune > Devices > Configuration Profiles (Settings Catalog)
  • Intune > Devices > Configuration Profiles > Assignments
  • Intune > Devices > Feature Updates for Windows 10 and Later
  • Intune > Devices > Quality Updates for Windows 10 and Later
  • Intune > Devices > Scripts
  • Intune > Devices > Windows Autopilot Deployment Profiles
  • Intune > Devices > Windows Autopilot Deployment Profiles > Assignments
  • Intune > Devices > Windows Updates > Driver Updates
  • Intune > Endpoint Security
  • Intune > Endpoint Security > Firewall > Reusable Settings
  • Intune > Endpoint Security > Security Baselines
  • Intune > Endpoint Security > Settings
  • Intune > Policy Sets
  • Intune > Tenant Administration > Filters
  • Intune > Tenant Administration > Roles
  • Intune > Tenant Administration > Roles > Role Assignments
  • Intune > Tenant Administration > Roles > Scope Tags
  • Intune > Tenant Administration > Roles > Scope Tags > Assignments
  • M365 Admin Center > Domains
  • Exchange > Admin Audit Log Config
  • Exchange > Availability Address Spaces
  • Exchange > Availability Config
  • Exchange > CAS Mailbox Plan
  • Microsoft 365 > Exchange > Client Access Rules
  • Exchange > Distribution Groups
  • Exchange > Distribution Groups > Members
  • Defender > Policies & Rules > Thread Policies > Email Authentication Settings
  • Exchange > Dynamic Distribution Groups
  • Exchange > Email Address Policies
  • Exchange > Inbound Connectors
  • Exchange > Mail flow > Connectors
  • Exchange > IRM Configuration
  • Purview > Data Lifecycle Management > Journal Rules
  • Exchange > Mail Flow > Accepted Domains
  • Exchange > Mail Flow > Remote Domains
  • Exchange > Mailbox Plans
  • Exchange > Mailboxes
  • Exchange > Mailboxes > Permissions
  • Defender > Policies & Rules > Thread Policies > Malware Filter Policies
  • Defender > Policies & Rules > Thread Policies > Malware Filter Policies
  • Exchange > Mobile Device Access > Device Access Rules
  • Exchange > Mobile Device Mailbox Policies
  • Exchange > Modern Authentication
  • Exchange > OME Configuration
  • Exchange > On-premises Organizations
  • Exchange > Organization Config
  • Exchange > Organization Relationship
  • Exchange > Outbound Connectors
  • Exchange > Roles > Outlook web app Policies
  • Exchange > Partner Applications
  • Exchange > Policy Tip Config
  • Purview > Data Lifecycle Management > Retention Labels
  • Purview > Data Lifecycle Management > Retention Labels
  • Exchange > Role Assignment Policies
  • Exchange > Sharing Policies
  • Defender > Settings > Email & Collaboration > Priority Account Protection
  • Exchange > Transport Config
  • Exchange > Transport Rules
  • Defender > Email & Collaboration > Policies > Anti-spam
  • Defender > Email & Collaboration > Policies > Anti-spam
  • Defender > Email & Collaboration > Policies > Anti-spam
  • Defender > Email & Collaboration > Policies > Anti-spam
  • Defender > Email & Collaboration > Policies > Anti-spam
  • Defender > Email & Collaboration > Policies > Anti-phishing
  • Defender > Email & Collaboration > Policies > Anti-phishing
  • Defender > Email & Collaboration > Policies > Safe Attachments
  • Defender > Email & Collaboration > Policies > Safe Attachments
  • Defender > Email & Collaboration > Policies > Safe Attachments
  • Defender > Email & Collaboration > Policies > Safe Attachments
  • Defender > Email & Collaboration > Policies > Safe Links
  • Defender > Email & Collaboration > Policies > Anti-spam
  • Teams > Teams apps > Manage apps
  • Teams > Apps > Setup Policies
  • Teams > Meetings > Live Event Policies
  • Teams > Meetings > Meeting Policies
  • Teams > Meetings > Meeting Settings
  • Teams > Messaging Policies
  • Teams > Org-wide Settings > Teams Settings
  • Teams > Update Management Policies
  • Teams > Users > External Access
  • Teams > Voice > Call Hold Policies
  • Teams > Voice > Calling Policies
  • SharePoint > Settings

Configurations managed with user authentication

To use User Account Authentication, you must check that Security Defaults is disabled. Learn what Security Defaults are and how to disable them in Microsoft documentation.

 

Backup Users and Groups
Only users and groups that are explicitly referenced by other supported configurations are backed up.

 
  • Intune > Apps > App Configuration Policies
  • Intune > Devices > Enrollment Restrictions
  • Intune > Reports > Endpoint Analytics > Proactive Remediations
  • Entra ID > Password Reset > On-premises Integration
  • Entra ID > Device Settings
  • M365 Admin Center > Domains > Federation Configuration
  • Exchange > Address Book Policy
  • Exchange > Address List
  • Exchange > Offline Address Book
  • Exchange > Address List
  • Defender > Settings > Microsoft Defender XDR > Email Notifications > Incidents
  • Defender > Configuration Management > Device Configuration
  • Defender > Hunting > Advanced Hunting > Queries > Shared Queries
  • Defender > Settings > Microsoft Defender XDR > Email Notifications > Actions
  • Purview > Settings > Roles and Scopes > Adaptive Scopes
  • Purview > Data Lifecycle Management > Retention Policies
  • Purview > Data Lifecycle Management > Retention Policies
  • Purview > eDiscovery > Cases
  • Purview > eDiscovery > Cases
  • Purview > eDiscovery > Cases
  • Purview> Information Governance > Compliance Retention Event Types
  • Purview > Information Governance > Compliance Tags
  • Purview > Data Loss Prevention > Policies
  • Purview > Data Loss Prevention > Policies
  • Purview > Data Loss Prevention > Sensitive info Types
  • Purview > File Plan Property Authorities
  • Purview > File Plan Property Categories
  • Purview > File Plan Property Citations
  • Purview > File Plan Property Departments
  • Purview > File Plan Property Reference Ids
  • Purview > File Plan Property Reference Sub Categories
  • Purview > Information Protection > Sensitivity Labels
  • Purview > Information Protection > Sensitivity Labels > Policies
  • Purview > Protection Alerts
  • Purview > Data Lifecycle Management > Retention Labels
  • Purview > Data Lifecycle Management > Retention Labels
  • Purview > File Plan Property Departments
  • Purview > File Plan Property Departments
  • Purview > File Plan Property Departments
  • SharePoint Admin Center > Sites
  • SharePoint Admin Center > Settings and Policies

Via CoreView Management Service Account plus specific roles

To enable the below configurations:

  • All configurations: assign the Global Admin role to the CoreView Management Service Account.
  • A subset of configurations: assign only the specific roles required for each Configuration Type. 

Go to this guide to learn how to add a role to the Management Service Account.

List of configurations

  • M365 Admin Center > Settings > Org Settings > Adoption Score
  • M365 Admin Center > Settings > Org Settings > Self Service Trials And Purchases
  • M365 Admin Center > Settings > Org Settings > Security & Privacy > Idle Session Timeout
  • M365 Admin Center > Settings > Org Settings > User Owned Apps And Services > Let Users Start Trials On Behalf Of Your Org
  • M365 Admin Center > Settings > Org Settings > Services > Microsoft Viva Insights (Formerly MyAnalytics)
  • M365 Admin Center > Settings > Org Settings > Microsoft Forms
  • M365 Admin Center > Settings > Org Settings > Microsoft 365 On The Web > Let Users Open Files Stored In Third-party
  • Storage Services In Microsoft 365 On The Web
  • Entra ID > Enterprise Applications > User Settings
  • Entra ID > Devices > Enterprise State Roaming
  • Entra ID > External User Guest Settings
  • Entra ID > Mobility (MDM and MAM)
  • Entra ID > Password Reset
  • Entra ID > User Settings
  • Entra ID > Security > Identity Protection

Related Articles

DID THIS PAGE HELP YOU?