Permissions Changelog
This section contains information about changes in permissions required for Veeam Backup for Microsoft 365 7.0 comparing to version 6.0.
Azure AD Application Permissions
The following table lists changes in permissions for modern app-only authentication:
API | Permission name | Type | Usage | Description | Status |
---|---|---|---|---|---|
Microsoft Graph | Directory.ReadWrite.All | Application | Restore | Setting the preferred data location when creating a new M365 group for a multi-geo tenant in case of teams restore. | new |
Office 365 Exchange Online | Exchange.ManageAsApp | Application | Backup | Accessing Exchange Online PowerShell. Note: This permission is required only to back up public folder and discovery search mailboxes as well as determine correctly object type for shared mailboxes starting from Veeam Backup for Microsoft 365 version 7 CP4 (build 7.0.0.3968). This permission works along with the Global Reader role granted to the Azure AD application. For more information, see Permissions for Backup and Granting Global Reader Role to Azure AD Application. | new |
Azure Blob Storage and Azure Blob Storage Archive
If you want to use the Azure archiver appliance when Veeam Backup for Microsoft 365 copies backed-up data between different instances of Azure Blob Storage or to Azure Blob Storage Archive, you must assign the required roles to a user account that you use to create Azure AD application for the Microsoft Azure service account.
The changes are:
- A user account must have the Application Administrator role instead of Global Administrator.
- Minimal required permissions for a custom Azure AD application are added.
For more information, see Permissions for Azure Archiver Appliance.
If you want to store Microsoft 365 and on-premises Microsoft organization backups and backup copies in Azure Blob Storage and Azure Blob Storage Archive, you must grant permissions to a user account that you use to access this object storage. For more information, see Azure Blob Storage Permissions.
Amazon S3 Object Storage
If you want to store Microsoft 365 and on-premises Microsoft organization backups and backup copies in Amazon S3 object storage, you must grant permissions for each Amazon S3 object storage and allow a user account access to Amazon buckets and folders. For more information, see Supported Amazon S3 Storage Classes and Amazon S3 Storage Permissions.