This is an archive version of the document. To get the most up-to-date information, see the current version.

Azure AD Application Permissions

Veeam Backup for Microsoft 365 requires that you grant permissions to Azure AD applications to back up and restore data from/to your Microsoft 365 organizations. Azure AD applications must have different permissions in organizations with modern app-only authentication and organizations with modern authentication and legacy protocols. For more information, see the following sections:

If you allow users to perform self-service restore using Restore Portal, they will authenticate to the portal with their Microsoft 365 user account credentials. Veeam Backup for Microsoft 365 requires Azure AD application to be configured and granted permissions to ensure such authentication. For more information, see Permissions for Authentication to Restore Portal.

If you want to use the Azure archiver appliance when Veeam Backup for Microsoft 365 copies backed-up data from Azure Blob storage to Azure Archive storage, you must assign the required roles to a user account that you use to create Azure AD application for the Microsoft Azure service account. For more information, see Permissions for Azure Archiver Appliance.

For more information about permissions in Azure, see this Microsoft article.