To be able to access Azure Active Directory resources and retrieve information about your Microsoft Office 365 organizations, Veeam utilizes Microsoft Graph API. For more information about Microsoft Graph, see this Microsoft article.
To connect to Microsoft Graph, Veeam uses two different approaches involving two different application types:
This application is installed by default by Microsoft and allows Veeam to connect to Microsoft Office 365 organizations that belong to any Microsoft Azure region other than China or Germany.
Using Veeam Backup for Microsoft Office 365 Application
To connect to Microsoft Office 365 organizations that belong to China or Germany regions, Veeam uses the proprietary application — Veeam Backup for Microsoft Office 365.
This application is installed automatically after you select the Use custom Veeam application to connect to Microsoft Graph checkbox during adding Microsoft Office 365 organizations, and provides Veeam with the appropriate permission set to access and work with your Microsoft Office 365 organizations data (e.g. retrieving users information, etc.).
To be able to install the application, Veeam requires either of the following roles to be assigned to your Microsoft Office 365 account:
- Application administrator. For more information on this role, see this Microsoft article.
- Cloud application administrator. For more information on this role, see this Microsoft article.
To assign any of these roles, open the Azure Active Directory portal, go to Azure Active Directory > Users > %User% > Directory role and click Add role.
Once installed, the application can be found in the Enterprise applications - All applications section of your Azure Active Directory admin center.
To see what permissions have been given to the application, click the Veeam Backup for Microsoft Office 365 application name and select Permissions.
Note: |
The Use custom Veeam application to connect to Microsoft Graph option is selected by default for all regions. In fact, Veeam encourages you to use this option regardless of the region type of your Microsoft Office 365 organizations. |
The following types of requests are used when working with Microsoft Graph:
- Retrieve the properties and relationships of currently authenticated organization. For more information, see this Microsoft article.
- Get groups and directory roles that the user is a direct member of. For more information, see this Microsoft article.
- Retrieve a list of user objects. For more information, see this Microsoft article.
- List all the groups available in an organization. For more information, see this Microsoft article.