Permissions for Modern Authentication and Legacy Protocols

    The following table lists the permissions that must be granted to Azure AD applications to back up organizations that use modern authentication with legacy protocols allowed.

    All listed permissions are of the Application type and are required for data backup.

    Services covered by the table: Exchange Online, SharePoint Online and OneDrive for Business, Microsoft Teams.

    | API | Permission name | Description |
    |---|---|---|
    | Microsoft Graph | Directory.Read.All | Querying Azure AD for organization properties, the list of users and groups and their properties. |
    | Microsoft Graph | Group.Read.All | Querying Azure AD for the list of groups and group sites. |
    | Microsoft Graph | TeamSettings.ReadWrite.All | Accessing archived teams. |
    | Microsoft Graph | Sites.Read.All | Accessing sites of the applications that are installed from the SharePoint store. |
    | Exchange | full_access_as_app | Reading mailboxes content. |
    | SharePoint | Sites.FullControl.All | Reading SharePoint sites and OneDrive accounts content. |
    | SharePoint | User.Read.All | Reading OneDrive accounts (getting site IDs). |