Azure AD Application Permissions

Veeam Backup for Microsoft 365 requires that you grant permissions to Azure AD applications within the following usage scenarios:

Permissions of the Azure AD application depend on the authentication method that you plan to use when adding a Microsoft 365 organization. For more information, see the following sections:

If you allow users to perform self-service restore using Restore Portal, they will authenticate to the portal with their Microsoft 365 user account credentials. To ensure such authentication, an Azure AD application must be configured. Veeam Backup for Microsoft 365 automatically grants the required permissions to this Azure AD application or you can grant permissions manually. For more information, see the following sections:

You can optionally use the Azure archiver appliance when Veeam Backup for Microsoft 365 copies backed-up data between different instances of Azure Blob Storage or to Azure Blob Storage Archive. To enable usage of the Azure archiver appliance, the Microsoft Azure service account is required. You must assign the required roles to a user account that you use to create an Azure AD application for the Microsoft Azure service account. Veeam Backup for Microsoft 365 automatically grants the required permissions to this Azure AD application or you can grant permissions manually. For more information, see the following sections:

For more information about permissions in Azure, see this Microsoft article.