Step 5. Register or Select Microsoft Entra Application

At this step of the wizard, you can create a new application in Microsoft Entra ID (formerly Azure Active Directory) or select an existing one.

Registering a new application

Use this method if you have selected the Register a new Azure AD application automatically option at the previous step of the wizard.

Using an existing application

Use this method if you have selected the Use an existing Azure AD application option at the previous step of the wizard.

Registering New Microsoft Entra Application

Note

If you want to back up team chats and you have selected the Teams chats check box at the Select Organization Deployment Type step of the wizard, registering a new Microsoft Entra application is unavailable.

You can register a new Microsoft Entra application in Microsoft Entra ID (formerly Azure Active Directory). Veeam Backup for Microsoft 365 will use this application for data exchange with your Microsoft 365 organizations during backup and restore sessions.

When registering a new Microsoft Entra application, Veeam Backup for Microsoft 365 automatically grants the required permissions to this application.

To register a new Microsoft Entra application, do the following:

In the Name field, enter a name that you want to use to register a new Microsoft Entra application in your Microsoft Entra ID (formerly Azure Active Directory).
Click Install to specify an SSL certificate that you want to use for data exchange between Veeam Backup for Microsoft 365 and a Microsoft Entra application.
In the Select Certificate wizard, select a certificate. For more information, see Installing SSL Certificates.

You can generate a new self-signed certificate or use an existing one. Before using an existing certificate, make sure to register this certificate in Microsoft Entra ID (formerly Azure Active Directory). For more information, see this Microsoft article. When generating a new self-signed certificate, Veeam Backup for Microsoft 365 will register it automatically.

Select the Allow this application to enable export mode for SharePoint Web Parts check box to allow Veeam Backup for Microsoft 365 to back up web parts of your Microsoft SharePoint websites. For more information about web parts, see this Microsoft article.

By default, web parts of Microsoft SharePoint sites that belong to a Microsoft 365 organization with modern app-only authentication have the allowexport property set to false which prevents Veeam Backup for Microsoft 365 from having a direct access to such web parts.

If this check box is selected, Veeam Backup for Microsoft 365 automatically alters the allowexport property of each web part and sets this property to true. After the allowexport property is set to true, a web part can be backed up without any limitations.

Using Existing Microsoft Entra Application

You can specify an existing Microsoft Entra application in your Microsoft Entra ID (formerly Azure Active Directory). Veeam Backup for Microsoft 365 will use this application for data exchange with your Microsoft 365 organizations during backup and restore sessions.

To use an existing application, do the following:

In the Username field, enter a user account that you want to use for impersonation. For more information about impersonation, see this Microsoft article.

You can enter any account that belongs to your Microsoft 365 organization using the following format: name@<domain_name>.<domain>. For example, user@abc.com.

Note

If you plan to back up public folder mailboxes, this user account must be granted the Owner role and have a valid Exchange Online license and an active mailbox within the Microsoft 365 organization.

Keep in mind that if you select only SharePoint Online and OneDrive for Business services to protect at the Select Organization Deployment Type step, Veeam Backup for Microsoft 365 displays the Specify organization name field instead. In this field, specify a domain name of your Microsoft 365 organization without the user name. For example, abc.com.

In the Application ID field, specify an identification number of Microsoft Entra application that you want to use to access your Microsoft 365 organization.

You can find this number in the application settings of your Microsoft Entra ID (formerly Azure Active Directory). For more information, see this Microsoft article.

Click Install to specify an SSL certificate that you want to use for data exchange between Veeam Backup for Microsoft 365 and the specified Microsoft Entra application.
In the Select Certificate wizard, select a certificate. For more information, see Installing SSL Certificates.

Select the Grant this application required permissions and register its certificate in Azure AD check box to automatically grant the required permissions to Microsoft Entra application.

Veeam Backup for Microsoft 365 will also register the specified certificate in your Microsoft Entra ID (formerly Azure Active Directory).

Keep in mind that you do not need to select this check box if you have granted the required permissions to the specified Microsoft Entra application beforehand and already registered its certificate in Microsoft Entra ID (formerly Azure Active Directory). If the Grant this application required permissions and register its certificate in Azure AD check box is not selected, Veeam Backup for Microsoft 365 skips the Log in to Microsoft 365 step and proceeds to Finish Working With Wizard.

Select the Allow this application to enable export mode for SharePoint Web Parts check box to allow Veeam Backup for Microsoft 365 to back up web parts of your Microsoft SharePoint websites. For more information about web parts, see this Microsoft article.