Step 5. Register or Select Azure AD Application

At this step of the wizard, you can create a new application in Azure Active Directory or select an existing one.

Use this method if you have selected the Register a new Azure AD application automatically option at the previous step of the wizard.

Use this method if you have selected the Use an existing Azure AD application option at the previous step of the wizard.

Registering New Azure AD Application

Note

If you selected the Teams chats check box at the Select Organization Deployment Type step of the wizard, registering a new Azure AD application is unavailable.

You can register a new Azure AD application in Azure Active Directory. Veeam Backup for Microsoft 365 will use this application for data exchange with your Microsoft 365 organizations during backup and restore sessions.

When registering a new Azure AD application, Veeam Backup for Microsoft 365 automatically grants the required permissions to this application.

To register a new Azure AD application, do the following:

  1. In the Name field, enter a name that you want to use to register a new Azure AD application in your Azure Active Directory.
  2. Click Install to specify an SSL certificate that you want to use for data exchange between Veeam Backup for Microsoft 365 and an Azure AD application.
  3. In the Select Certificate wizard, select a certificate. For more information, see Installing SSL Certificates.

You can generate a new self-signed certificate or use an existing one. Before using an existing certificate, make sure to register this certificate in Azure Active Directory. For more information, see this Microsoft article. When generating a new self-signed certificate, Veeam Backup for Microsoft 365 will register it automatically.

  1. Select the Allow this application to enable export mode for SharePoint Web Parts check box to allow Veeam Backup for Microsoft 365 to back up web parts of your Microsoft SharePoint websites. For more information about web parts, see this Microsoft article.

By default, web parts of Microsoft SharePoint sites that belong to a Microsoft 365 organization with modern app-only authentication have the allowexport property set to false which prevents Veeam Backup for Microsoft 365 from having a direct access to such web parts.

If this check box is selected, Veeam Backup for Microsoft 365 automatically alters the allowexport property of each web part and sets this property to true. After the allowexport property is set to true, a web part can be backed up without any limitations.

Register Azure AD Application

Using Existing Azure AD Application

You can specify an existing Azure AD application in your Azure Active Directory. Veeam Backup for Microsoft 365 will use this application for data exchange with your Microsoft 365 organizations during backup and restore sessions.

To use an existing application, do the following:

  1. In the Username field, enter a user account that you want to use for impersonation. For more information about impersonation, see this Microsoft article.

You can enter any account that belongs to your Microsoft 365 organization using the following format: name@<domain_name>.<domain>. For example, user@abc.com.

Note

If you plan to back up public folder mailboxes, this user account must be granted the Owner role and have a valid Exchange Online license and an active mailbox within the Microsoft 365 organization.

Keep in mind that if you select only SharePoint Online and OneDrive for Business services to protect at the Select Organization Deployment Type step, Veeam Backup for Microsoft 365 displays the Specify organization name field instead. In this field, specify a domain name of your Microsoft 365 organization without the user name. For example, abc.com.

  1. In the Application ID field, specify an identification number of Azure AD application that you want to use to access your Microsoft 365 organization.

You can find this number in the application settings of your Azure Active Directory. For more information, see this Microsoft article.

  1. Click Install to specify an SSL certificate that you want to use for data exchange between Veeam Backup for Microsoft 365 and the specified Azure AD application.
  2. In the Select Certificate wizard, select a certificate. For more information, see Installing SSL Certificates.

You can generate a new self-signed certificate or use an existing one. Before using an existing certificate, make sure to register this certificate in Azure Active Directory. For more information, see this Microsoft article. When generating a new self-signed certificate, Veeam Backup for Microsoft 365 will register it automatically.

  1. Select the Grant this application required permissions and register its certificate in Azure AD check box to automatically grant required permissions to Azure AD application.

Veeam Backup for Microsoft 365 will also register the specified certificate in your Azure Active Directory.

Keep in mind that you do not need to select this check box if you have granted the required permissions to the specified Azure AD application beforehand and already registered its certificate in Azure Active Directory. If the Grant this application required permissions and register its certificate in Azure AD check box is not selected, Veeam Backup for Microsoft 365 skips the Log in to Microsoft 365 step and proceeds to Finish Working With Wizard.

  1. Select the Allow this application to enable export mode for SharePoint Web Parts check box to allow Veeam Backup for Microsoft 365 to back up web parts of your Microsoft SharePoint websites. For more information about web parts, see this Microsoft article.

By default, web parts of Microsoft SharePoint sites that belong to a Microsoft 365 organization with modern app-only authentication have the allowexport property set to false which prevents Veeam Backup for Microsoft 365 from having a direct access to such web parts.

If this check box is selected, Veeam Backup for Microsoft 365 automatically alters the allowexport property of each web part and sets this property to true. After the allowexport property is set to true, a web part can be backed up without any limitations.

Specify Azure AD Application