For Exchange restores, the user must also have the ApplicationImpersonation role to be able to restore to mailboxes they do not own. Restore will require user credentials with membership of either Global Administrator or the respective service administrators (Exchange Administrator, SharePoint Administrator, Teams Administrator). This is the default for all restores via the Veeam Explorers and can also be used via the RESTful API.
The interactive restore involves authentication with the device code flow.

Backup

All listed permissions are of the type Application.

For a more detailed description of each permission, please check the Veeam Help Center Required Azure AD Permissions. More details can be found in the Microsoft Documentation. The effective permissions of the app are based on the permissions of the user, and an app can never have more permissions than the user using it. The app can only gain a given permission of the type Delegated when the user using the app also has this permission. The Delegated type permission is also given to the app, but it requires a signed-in user on whose behalf the app will act. Application permissions for an app are also its effective permissions. The app can act without a signed-in user present with the given permissions.
Microsoft defines two types of permissions for Azure AD applications (apps): Application and Delegated.

An Application type permission is given to the app itself.

Permission Types - Application vs Delegated

This section concentrates on providing information for least privilege access with modern-only authentication.

For restoring items of a service you need to provide the required (✔) permissions to the Azure AD application.

Check out the vbo-create-azure-ad-app script on GitHub and the corresponding blog article Create Azure AD apps automatically to create these applications for granular use cases automatically. The Veeam Help Center Required Azure AD Permissions lists combined privileges for backup and restore of all supported Microsoft 365 applications, which is convenient but does not meet this demand.
It is a common best practice to provide only the necessary permissions for the task at hand.
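
The Application and Delegated rules described on this page can be turned into a small least-privilege check. The following is an added example, not code from Veeam or from the vbo-create-azure-ad-app script; the function `audit_app` is hypothetical and every permission name in it is a constructed placeholder, not a real Microsoft Graph permission.

```python
# Added example. Permission names are constructed placeholders, not real
# Microsoft Graph or Veeam permission names.

def audit_app(grants, required, user_permissions=None):
    """Check one app's grants against what one task requires.

    grants: list of (permission_name, permission_type) tuples, where
        permission_type is "Application" or "Delegated".
    required: permission names the task needs.
    user_permissions: None models the app acting with no signed-in user;
        otherwise the permissions held by the signed-in user.
    """
    for name, ptype in grants:
        if ptype not in ("Application", "Delegated"):
            raise ValueError(f"unknown permission type for {name}: {ptype}")
    required = set(required)
    if user_permissions is None:
        # No signed-in user: Application grants are the effective permissions.
        granted = {n for n, t in grants if t == "Application"}
        effective = set(granted)
    else:
        # Signed-in user: a Delegated grant counts only if the user holds it too.
        granted = {n for n, t in grants if t == "Delegated"}
        effective = granted & set(user_permissions)
    return {
        "effective": sorted(effective),
        "blocked_by_user": sorted(granted - effective),
        "missing": sorted(required - effective),
        "excess": sorted(granted - required),  # least-privilege findings
    }

# Constructed sample: a backup app (unattended) and a restore app (interactive).
BACKUP_GRANTS = [
    ("Example.Mail.Read", "Application"),
    ("Example.Sites.Read", "Application"),
    ("Example.Directory.Write", "Application"),  # not needed for backup
]
RESTORE_GRANTS = [
    ("Example.Mail.Write", "Delegated"),
    ("Example.Sites.Write", "Delegated"),
]

if __name__ == "__main__":
    print(audit_app(BACKUP_GRANTS, ["Example.Mail.Read", "Example.Sites.Read"]))
    # Operator who holds the mail permission only, restoring a SharePoint item.
    print(audit_app(RESTORE_GRANTS, ["Example.Sites.Write"],
                    user_permissions=["Example.Mail.Write"]))
```

An entry under `excess` is a grant the task does not need, and an entry under `blocked_by_user` is a Delegated grant the signed-in user cannot exercise.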