Microsoft SharePoint and OneDrive for Business

The following tables list the required roles and permissions that must be assigned to the Veeam Backup account that you want to use for working with Microsoft SharePoint and OneDrive for Business organizations. The section lists roles required by Veeam Backup for Microsoft 365 when you add Microsoft 365 organizations using modern authentication with legacy protocols allowed or basic authentication and on-premises Microsoft organizations.

Consider the following:

  • To add Microsoft SharePoint Online organizations, make sure that the LegacyAuthProtocolsEnabled setting is enabled.

To enable this setting, use the following cmdlet.

Set-SPOTenant -LegacyAuthProtocolsEnabled $True

For more information about the Set-SPOTenant cmdlet, see this Microsoft article.

  • The account you are using to add on-premises Microsoft SharePoint and Microsoft SharePoint Online organizations must be a member of these organizations.

Note

For more information about permissions required to restore Microsoft SharePoint data from backups created by Veeam Backup for Microsoft 365, see Required Permissions for Veeam Explorer for Microsoft SharePoint.

On-Premises Microsoft SharePoint Organizations

The following table lists required roles that must be assigned to the account that you want to use to add on-premises Microsoft SharePoint organizations:

Role

Description

Misc.

Site Collection Administrator

Required to back up Microsoft SharePoint Sites.

The account must be a member of the Farm Administrator group.

Microsoft SharePoint Online Organizations

The following table lists required roles that must be assigned to the account that you want to use to add Microsoft SharePoint Online organizations:

Role

Description

Misc.

SharePoint Admin

Required to back up Microsoft SharePoint Sites.

You can assign the Global Admin role that overrides these roles.

View-only Configuration

Required to get a list of available groups and users.

View-Only Recipients

Granting SharePoint Administrator Role in PowerShell

To grant the SharePoint Administrator role using PowerShell (for Microsoft SharePoint Online organizations), use the following code snippet.

Connect-MsolService

$role=Get-MsolRole -RoleName "SharePoint Administrator"

$accountname="example@domain.com"

Add-MsolRoleMember -RoleMemberEmailAddress $accountname -RoleName $role.Name

The $accountname variable must be a user UPN (example@domain.com).

The MSOL module can be downloaded from this Microsoft page.