Permissions Changelog

This section contains information about changes in permissions required for Veeam Backup for Microsoft 365 7.0 comparing to version 6.0.

Azure AD Application Permissions

The following table lists changes in permissions for modern app-only authentication:

API

Permission name

Type

Usage

Description

Status

Microsoft Graph

Directory.ReadWrite.All

Application

Restore

Setting the preferred data location when creating a new M365 group for a multi-geo tenant in case of teams restore.

new

Azure Blob Storage and Azure Blob Storage Archive

If you want to use the Azure archiver appliance when Veeam Backup for Microsoft 365 copies backed-up data between different instances of Azure Blob Storage or to Azure Blob Storage Archive, you must assign the required roles to a user account that you use to create Azure AD application for the Microsoft Azure service account.

The changes are:

  • A user account must have the Application Administrator role instead of Global Administrator.
  • Minimal required permissions for a custom Azure AD application are added.

For more information, see Permissions for Azure Archiver Appliance.

If you want to store Microsoft 365 and on-premises Microsoft organization backups and backup copies in Azure Blob Storage and Azure Blob Storage Archive, you must grant permissions to a user account that you use to access this object storage. For more information, see Azure Blob Storage Permissions.

Amazon S3 Object Storage

If you want to store Microsoft 365 and on-premises Microsoft organization backups and backup copies in Amazon S3 object storage, you must grant permissions for each Amazon S3 object storage and allow a user account access to Amazon buckets and folders. For more information, see Supported Amazon S3 Storage Classes and Amazon S3 Storage Permissions.