Step 5. Register or Select Azure AD Application

In this article

    At this step of the wizard, you can create a new application in Azure Active Directory or select an existing one.

    Use this method if you have selected the Register a new Azure AD application automatically option at the previous step of the wizard.

    Use this method if you have selected the Use an existing Azure AD application option at the previous step of the wizard.

    Registering New Azure AD Application

    You can register a new Azure AD application in Azure Active Directory. Veeam Backup for Microsoft 365 will use this application for data exchange with your Microsoft 365 organizations during backup and restore sessions.

    When registering a new Azure AD application, Veeam Backup for Microsoft 365 automatically grants the required permissions to this application.

    To register a new Azure AD application, do the following:

    1. In the Name field, enter a name that you want to use to register a new Azure AD application in your Azure Active Directory.
    2. Click Install to specify an SSL certificate that you want to use for data exchange between Veeam Backup for Microsoft 365 and an Azure AD application.
    3. In the Select Certificate wizard, select a certificate. For more information, see Installing SSL Certificates.

    You can generate a new self-signed certificate or use an existing one. Before using an existing certificate, make sure to register this certificate in Azure Active Directory. For more information, see this Microsoft article. When generating a new self-signed certificate, Veeam Backup for Microsoft 365 will register it automatically.

    1. Select the Allow this application to enable export mode for SharePoint Web Parts check box to allow Veeam Backup for Microsoft 365 to back up web parts of your Microsoft SharePoint websites. For more information about web parts, see this Microsoft article.

    By default, web parts of Microsoft SharePoint sites that belong to Microsoft 365 organization with enabled security defaults have the allowexport property set to false which prevents Veeam Backup for Microsoft 365 from having a direct access to such web parts.

    If this check box is selected, Veeam Backup for Microsoft 365 automatically alters the allowexport property of each web part and sets this property to true. After the allowexport property is set to true, a web part can be backed up without any limitations.

    Register Azure AD Application

    Using Existing Azure AD Application

    You can specify an existing Azure AD application in your Azure Active Directory. Veeam Backup for Microsoft 365 will use this application for data exchange with your Microsoft 365 organizations during backup and restore sessions.

    To use an existing application, do the following:

    1. In the Username field, enter a user account that you want to use for impersonation. For more information about impersonation, see this Microsoft article.

    You can enter any account that belongs to your Microsoft 365 organization using the following format: name@<domain_name>.<domain>. For example, user@abc.com.

    Mind that if you select only SharePoint Online and OneDrive for Business services to protect at the Select Organization Deployment Type step, Veeam Backup for Microsoft 365 displays the Specify organization name field instead. In this field, specify a domain name of your Microsoft 365 organization without the user name. For example, abc.com.

    1. In the Application ID field, specify an identification number of Azure AD application that you want to use to access your Microsoft 365 organization.

    You can find this number in the application settings of your Azure Active Directory. For more information, see this Microsoft article.

    1. Click Install to specify an SSL certificate that you want to use for data exchange between Veeam Backup for Microsoft 365 and the specified Azure AD application.
    2. In the Select Certificate wizard, select a certificate. For more information, see Installing SSL Certificates.

    You can generate a new self-signed certificate or use an existing one. Before using an existing certificate, make sure to register this certificate in Azure Active Directory. For more information, see this Microsoft article. When generating a new self-signed certificate, Veeam Backup for Microsoft 365 will register it automatically.

    1. Select the Grant this application required permissions and register its certificate in Azure AD check box to automatically grant required permissions to Azure AD application.

    Veeam Backup for Microsoft 365 will also register the specified certificate in your Azure Active Directory.

    Mind that if this check box is not selected, Veeam Backup for Microsoft 365 skips the Log in to Microsoft 365 step and proceeds to Finish Working With Wizard.

    1. Select the Allow this application to enable export mode for SharePoint Web Parts check box to allow Veeam Backup for Microsoft 365 to back up web parts of your Microsoft SharePoint websites. For more information about web parts, see this Microsoft article.

    By default, web parts of Microsoft SharePoint sites that belong to Microsoft 365 organization with enabled security defaults have the allowexport property set to false which prevents Veeam Backup for Microsoft 365 from having a direct access to such web parts.

    If this check box is selected, Veeam Backup for Microsoft 365 automatically alters the allowexport property of each web part and sets this property to true. After the allowexport property is set to true, a web part can be backed up without any limitations.

    Specify Azure AD Application