Required Permissions
To protect your data using Veeam Backup for Microsoft Office 365, you use Veeam Backup account and Azure AD application. Depending on configuration of Microsoft Office 365 organizations and the restrictions on using legacy authentication protocols, you can add organizations using either modern app-only authentication, or modern authentication method with legacy protocols allowed, or basic authentication.
When you add Microsoft Office 365 organization using the modern app-only authentication method, you use only Azure AD application to establish and maintain connection between Veeam Backup for Microsoft Office 365 and Microsoft Office 365 organizations and perform a backup and restore from/to such organizations.
When you add Microsoft Office 365 organization using modern authentication with legacy protocols allowed, you use both Veeam Backup account and Azure AD application to establish and maintain connection between Veeam Backup for Microsoft Office 365 and Microsoft Office 365 organizations and perform a backup and restore from/to such organizations. You use MFA-enabled Office 365 user account as Veeam Backup account.
When you add Microsoft Office 365 organization using basic authentication or an on-premises Microsoft organization, you use Veeam Backup account to establish and maintain connection between Veeam Backup for Microsoft Office 365 and such organizations and perform a backup and restore.
Depending on authentication methods you use, you must grant permissions to Veeam Backup account or Azure AD application, or both accounts.
If you store Microsoft Office 365 and on-premises Microsoft organization backups in Amazon S3 object storage, you must grant permissions to a user account that you use to access Amazon buckets and folders.
In This Section