Veeam Backup for Microsoft 365 7.0
User Guide
Related documents
Search

Permissions

Microsoft Organizations

To protect your data using Veeam Backup for Microsoft 365, you use Veeam Backup account and Azure AD application. Depending on configuration of Microsoft 365 organizations and the restrictions on using legacy authentication protocols, you can add organizations using either modern app-only authentication, or modern authentication method with legacy protocols allowed, or basic authentication.  

When you add Microsoft 365 organization using the modern app-only authentication method, you use only Azure AD application to establish and maintain connection between Veeam Backup for Microsoft 365 and Microsoft 365 organizations and perform a backup and restore from/to such organizations.

When you add Microsoft 365 organization using modern authentication with legacy protocols allowed, you use both Veeam Backup account and Azure AD application to establish and maintain connection between Veeam Backup for Microsoft 365 and Microsoft 365 organizations and perform a backup and restore from/to such organizations. You use MFA-enabled Microsoft 365 user account as Veeam Backup account.

When you add Microsoft 365 organization using basic authentication or an on-premises Microsoft organization, you use Veeam Backup account to establish and maintain connection between Veeam Backup for Microsoft 365 and such organizations and perform a backup and restore.  

Depending on authentication methods you use, you must grant permissions to Veeam Backup account or Azure AD application, or both accounts.

Restore Portal

If you allow users to perform self-service restore using Restore Portal, you must grant permissions to Azure AD application to ensure users authentication to the portal with their Microsoft 365 user account credentials. For more information, see Permissions for Authentication to Restore Portal.

Azure Archiver Appliance

If you want to use the Azure archiver appliance when Veeam Backup for Microsoft 365 copies backed-up data between different instances of Azure Blob Storage or to Azure Blob Storage Archive, you must assign the required roles to a user account that you use to create Azure AD application for the Microsoft Azure service account. For more information, see Permissions for Azure Archiver Appliance.

Amazon S3 Storage

If you store Microsoft 365 and on-premises Microsoft organization backups in Amazon S3 object storage, you must grant permissions to a user account that you use to access Amazon buckets and folders. For more information, see Amazon S3 Storage Permissions.

Azure Blob Storage and Azure Blob Storage Archive

If you create an instance of Microsoft 365 and on-premises Microsoft organization backups in Azure Blob Storage and Azure Blob Storage Archive, you must grant permissions to a user account that you use to access this object storage. For more information, see Azure Blob Storage Permissions.

In This Section

View all results across Veeam
Back to document search