Permissions Changelog

    This section describes the changes in permissions required for Veeam Backup for Microsoft 365 6a compared to version 5.0.

    Azure AD Application Permissions

    The following table lists changes in permissions for modern app-only authentication:

    | API | Permission name | Type | Usage | Description | Status |
    |---|---|---|---|---|---|
    | Microsoft Graph | Sites.Read.All | Application | Backup | Querying Azure AD for the list of sites and getting download URLs for files and their versions. | new |
    | Microsoft Graph | Sites.Read.All | Delegated | Restore | Accessing sites of the applications that are installed from the SharePoint store. | new |
    | Microsoft Graph | Sites.Read.All | Application | Restore | Accessing sites of the applications that are installed from the SharePoint store. | new |
    | Microsoft Graph | Sites.ReadWrite.All | Application | Backup | Querying Azure AD for the list of sites and getting download URLs for files and their versions. | removed |
    | Microsoft Graph | TeamSettings.ReadWrite.All | Application | Restore | Restoring teams to the archived state. | removed |
    | Microsoft Graph | Directory.ReadWrite.All | Delegated | Restore | Setting the preferred data location when creating a new M365 group for a multi-geo tenant in case of teams restore. | new |
    | Microsoft Graph | ChannelMessage.Read.All | Application | Backup | Accessing all Teams public channel messages. Note: This permission is only required if you want to back up team chats using Teams Export APIs. | new |
    | SharePoint | User.ReadWrite.All | Delegated | Restore | Resolving OneDrive accounts (getting site IDs). | removed |
    | SharePoint | User.Read.All | Delegated | Restore | Resolving OneDrive accounts (getting site IDs). Note: This permission is not required to restore SharePoint Online data. | new |
    | SharePoint | User.Read.All | Application | Restore | Resolving OneDrive accounts (getting site IDs). Note: This permission is not required to restore SharePoint Online data. | changed |
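A least-privilege check built on the app-only table above, as an added example that is not Veeam's code: it flags permissions marked removed that are still configured on the application and permissions marked new that lack admin consent. The CSV export format, the sample rows and the function name `audit` are assumptions made for this example.

```python
import csv
import io

# (API, permission, type) -> (status, usages, conditional), copied from the table above.
# "removed" means no longer listed for that usage in 6a; review before revoking.
# The "changed" row (SharePoint User.Read.All, Application) is left out on purpose.
CHANGELOG = {
    ("Microsoft Graph", "Sites.Read.All", "Application"): ("new", ("Backup", "Restore"), False),
    ("Microsoft Graph", "Sites.Read.All", "Delegated"): ("new", ("Restore",), False),
    ("Microsoft Graph", "Sites.ReadWrite.All", "Application"): ("removed", ("Backup",), False),
    ("Microsoft Graph", "TeamSettings.ReadWrite.All", "Application"): ("removed", ("Restore",), False),
    ("Microsoft Graph", "Directory.ReadWrite.All", "Delegated"): ("new", ("Restore",), False),
    # Only needed when team chats are backed up using Teams Export APIs.
    ("Microsoft Graph", "ChannelMessage.Read.All", "Application"): ("new", ("Backup",), True),
    ("SharePoint", "User.ReadWrite.All", "Delegated"): ("removed", ("Restore",), False),
    ("SharePoint", "User.Read.All", "Delegated"): ("new", ("Restore",), False),
}

# Constructed sample: hypothetical export of one app registration's API permissions.
SAMPLE_EXPORT = """api,permission,type,admin_consent
Microsoft Graph,Sites.ReadWrite.All,Application,yes
Microsoft Graph,Sites.Read.All,Application,no
Microsoft Graph,Directory.Read.All,Application,yes
SharePoint,User.ReadWrite.All,Delegated,yes
sharepoint, user.read.all ,Delegated,yes
"""

def audit(export_text, usages=("Backup", "Restore"), teams_export=False):
    """Return (stale, missing) lists of (API, permission, type) keys."""
    listed, consented = set(), set()
    for row in csv.DictReader(io.StringIO(export_text)):
        key = tuple(row[k].strip().lower() for k in ("api", "permission", "type"))
        listed.add(key)
        if row["admin_consent"].strip().lower() == "yes":
            consented.add(key)
    stale, missing = [], []
    for key, (status, usage, conditional) in CHANGELOG.items():
        norm = tuple(part.lower() for part in key)
        if status == "removed" and norm in listed:
            stale.append(key)  # still configured, with or without consent
        elif status == "new" and norm not in consented:
            relevant = any(u in usage for u in usages)
            if relevant and (teams_export or not conditional):
                missing.append(key)  # absent, or present without admin consent
    return stale, missing

if __name__ == "__main__":
    for label, keys in zip(("review for removal", "grant and consent"), audit(SAMPLE_EXPORT)):
        for key in keys:
            print(f"{label}: {' / '.join(key)}")
```

Pass `usages=("Backup",)` for an application used only for backup, and `teams_export=True` when team chats are backed up using Teams Export APIs.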

    The following table lists changes in permissions for modern authentication and legacy protocols:

    | API | Permission name | Type | Usage | Description | Status |
    |---|---|---|---|---|---|
    | Microsoft Graph | Sites.Read.All | Application | Backup | Accessing sites of the applications that are installed from the SharePoint store. | new |

    If you allow users to perform self-service restore using Restore Portal, they will authenticate to the portal with their Microsoft 365 user account credentials. Veeam Backup for Microsoft 365 requires an Azure AD application to be configured and granted permissions to ensure such authentication. For more information, see Permissions for Authentication to Restore Portal.

    If you want to use the Azure archiver appliance when Veeam Backup for Microsoft 365 copies backed-up data from Azure Blob storage to Azure Archive storage, you must assign the required roles to the user account that you use to create the Azure AD application for the Microsoft Azure service account. For more information, see Permissions for Azure Archiver Appliance.

    Amazon S3 Storage Permissions

    If you create an instance of your backed-up data in Amazon S3 Glacier or Amazon S3 Glacier Deep Archive storage, you must grant permissions to the user account that you use to access Amazon buckets and folders. For more information, see Amazon S3 Storage Permissions.

    Azure Archive Storage

    If you create an instance of Microsoft 365 and on-premises Microsoft organization backups in the Azure Blob Storage Archive access tier, you must grant permissions to the user account that you use to access Azure archive storage. For more information, see Azure Archive Storage Permissions.