Configuration

Restore Portal is deployed automatically along with the Veeam Backup for Microsoft 365 REST API component installation.

The Veeam Backup for Microsoft 365 administrator can configure Restore Portal for the following backup infrastructures:

Configuring Restore Portal for Single Microsoft 365 Organization

If the Veeam Backup for Microsoft 365 administrator wants to allow end users and restore operators in a Microsoft 365 organization to explore and restore data from backups using Restore Portal, the following actions must be performed before users start using the web application:

  1. Check that the Veeam Backup for Microsoft 365 REST API component is installed either on the Veeam Backup for Microsoft 365 server or on a separate machine.

Deployment of the Veeam Backup for Microsoft 365 REST API component on a separate machine decreases the load on the backup infrastructure when exploring and restoring data from backups using Restore Portal. For more information, see Installing Veeam Backup for Microsoft 365 to deploy the solution to the Veeam Backup for Microsoft 365 server and Installing REST API to deploy the Veeam Backup for Microsoft 365 REST API component separately.

  1. Enable Veeam Backup for Microsoft 365 REST API Service.

This service processes REST API commands and allows Restore Portal to communicate with Veeam Backup for Microsoft 365. For more information, see REST API Settings if you have deployed the solution on the Veeam Backup for Microsoft 365 server and Configuring REST API and Restore Portal on Separate Machine if you have installed REST API separately.

  1. Enable restore operator authentication to the Veeam Backup for Microsoft 365 server. For more information, see Authentication Settings.
  2. Enable Restore Portal and configure access to it. For more information, see Restore Portal Settings if you have deployed the solution on the Veeam Backup for Microsoft 365 server and Configuring REST API and Restore Portal on Separate Machine if you have installed REST API separately.
  3. Add restore operator roles to assign permissions to users who act as restore operators. For more information, see Adding Restore Operator Role.
  4. Provide end users and restore operators with the Restore Portal web address.

Configuring Restore Portal for Multiple Tenants

Note

Follow these steps as a part of Backup as a Service for Microsoft 365 usage scenario. For more information, see Backup as Service for Microsoft 365.

On Service Provider Side

To configure access for end users and restore operators from tenant organizations to Restore Portal, the following actions must be performed on a service provider side before users start using the web application:

  1. Check that the Veeam Backup for Microsoft 365 REST API component is installed either on the Veeam Backup for Microsoft 365 server or on a separate machine.

Deployment of the Veeam Backup for Microsoft 365 REST API component on a separate machine decreases the load on the backup infrastructure when exploring and restoring data from backups using Restore Portal. For more information, see Installing Veeam Backup for Microsoft 365 to deploy the solution to the Veeam Backup for Microsoft 365 server and Installing REST API to deploy the Veeam Backup for Microsoft 365 REST API component separately.

  1. Enable Veeam Backup for Microsoft 365 REST API Service.

This service processes REST API commands and allows Restore Portal to communicate with Veeam Backup for Microsoft 365. For more information, see REST API Settings if you have deployed the solution on the Veeam Backup for Microsoft 365 server and Configuring REST API and Restore Portal on Separate Machine if you have installed REST API separately.

  1. Enable tenant and restore operator authentication to the Veeam Backup for Microsoft 365 server. For more information, see Authentication Settings.
  2. Enable Restore Portal and configure access to it. For more information, see Restore Portal Settings if you have deployed the solution on the Veeam Backup for Microsoft 365 server and Configuring REST API and Restore Portal on Separate Machine if you have installed REST API separately.

Important

Azure AD application that end users and restore operators from tenant organizations will use to access Restore Portal must be created for a Microsoft 365 organization on a service provider side.

  1. Run the Install-Module cmdlet to install the Azure Active Directory PowerShell for Graph module. For more information, see this Microsoft article.
  2. Share the configured Azure AD application with all tenant organizations.

To do this, authenticate to Azure Active Directory using the Connect-AzureAD cmdlet and then run the New-AzureADServicePrincipal cmdlet. Specify an application ID of Azure AD application configured for authentication to Restore Portal as the AppId parameter value.

Connect-AzureAD

New-AzureADServicePrincipal -AppId "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

  1. Configure access to Restore Portal on each tenant side. For more information, see On Tenant Side.
  2. Add restore operator roles to assign permissions to users who act as restore operators. For more information, see Adding Restore Operator Role.
  3. Provide end users and restore operators with the Restore Portal web address.

On Tenant Side

Perform the following actions for all tenant organizations before users start using the web application:

  1. Run the Install-Module cmdlet to install the Azure Active Directory PowerShell for Graph module. For more information, see this Microsoft article.
  2. Authenticate to Azure Active Directory using the Connect-AzureAD cmdlet and then run the New-AzureADServicePrincipal cmdlet. Specify an application ID of Azure AD application configured by a service provider for authentication to Restore Portal as the AppId parameter value.

Connect-AzureAD

New-AzureADServicePrincipal -AppId "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

  1. Sign in to the tenant organization Azure portal.
  2. Go to Azure Active Directory > Enterprise applications.
  3. Search for Azure AD application configured for authentication to Restore Portal by ObjectID that you have obtained at step 2. Alternatively, you can get ObjectID by running the following command:

Get-AzureADServicePrincipal -Filter "AppId eq 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'"

Specify an application ID of Azure AD application configured by a service provider for authentication to Restore Portal as the AppId parameter value.

  1. Go to the application permissions and grant admin consent to this application on behalf of all users in the tenant organization. For more information, see this Microsoft article, Permissions for Authentication to Restore Portal and contact Veeam Customer Support.

In This Section