Permissions for Modern Authentication and Legacy Protocols
The following table lists the permissions that must be granted to Azure AD applications to back up organizations that use modern authentication with legacy protocols allowed.
All listed permissions are of the Application type and are required for data backup.
API | Permission name | Exchange Online | SharePoint Online and OneDrive for Business | Microsoft Teams | Description |
---|---|---|---|---|---|
Microsoft Graph | Directory.Read.All | ✔ | ✔ | ✔ | Querying Azure AD for organization properties, the list of users and groups and their properties. |
Microsoft Graph | Group.Read.All | ✔ | ✔ | ✔ | Querying Azure AD for the list of groups and group sites. |
Microsoft Graph | TeamSettings.ReadWrite.All | | | ✔ | Accessing archived teams. |
Microsoft Graph | Sites.Read.All | | ✔ | | Accessing sites of the applications that are installed from the SharePoint store. |
Office 365 Exchange Online | full_access_as_app | ✔ | | ✔ | Reading mailboxes content. |
Office 365 SharePoint Online | Sites.FullControl.All | | ✔ | ✔ | Reading SharePoint sites and OneDrive accounts content. |
Office 365 SharePoint Online | User.Read.All | | ✔ | ✔ | Reading OneDrive accounts (getting site IDs). |