Permissions for Authentication to Restore Portal

The following table lists required permissions for Azure AD applications that are granted automatically by Veeam Backup for Microsoft 365 when you configure the Restore Portal settings.

If you prefer to use a custom application of your own, make sure to grant all the permissions listed in this table manually.

All listed permissions are of the Delegated type.

API	Permission name	Description
Microsoft Graph	User.Read	Sign in and read user profile.
<Azure AD application>	access_as_user	Obtain an access token on behalf of the user to implement On-Behalf-Of flow. For more information about On-Behalf-Of flow, see this Microsoft article. For more information on how to expose a web API, see this Microsoft article.

API

Permission name

Description

Microsoft Graph

User.Read

access_as_user

Obtain an access token on behalf of the user to implement On-Behalf-Of flow.

For more information about On-Behalf-Of flow, see this Microsoft article.

For more information on how to expose a web API, see this Microsoft article.