The following table lists required permissions for user accounts to back up and restore Microsoft Exchange data.
Required Roles and Permissions
For more information, see:
Restore to Microsoft Office 365 and on-premises Microsoft Exchange from backups created in Veeam Backup & Replication and Veeam Backup for Microsoft Office 365
To restore data to Microsoft Office 365 and on-premises Microsoft Exchange, make sure to configure user accounts as follows:
Restore to a Public Folder
Restore to a Mailbox
Restore Using Modern App-Only Authentication Method
The account used to log in to Microsoft Office 365 must be assigned the following roles:
Also make sure that the required settings are specified for the Azure AD application used for restore. For more information, see the Required Azure AD Application Settings section of the Veeam Backup for Microsoft Office 365 User Guide.
To assign the Organization Management role, use the following cmdlet.
Add-RoleGroupMember “Organization Management” –Member “<user_account>”
For more information about the Add-RoleGroupMember cmdlet, see this Microsoft article.
To grant Full Access to the account that owns a mailbox, use the following cmdlet.
Add-MailboxPermission –Identity “<target_mailbox>” -User “<user_account>” -AccessRights FullAccess –InheritanceType All
For more information about the Add-MailboxPermission cmdlet, see this Microsoft article.
To grant Full Access to the account that do not own a mailbox (i.e. through impersonation), use the following cmdlet.
New-ManagementRoleAssignment -Name "<role_name>" -Role ApplicationImpersonation -User "<user_account>"
For more information about the New-ManagementRoleAssignment cmdlet, see this Microsoft article.
Recalling Given Permissions
To recall given access level, run either of the following cmdlets.
Remove-ManagementRoleAssignment -Identity <role_name>