How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

      Comments Off on How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

When you add organization using the modern app-only authentication method, the permissions for Azure AD applications that are granted automatically by Veeam Backup for Microsoft 365.

Anyway, if you prefer to use a custom application of your own, make sure to grant all the permissions as below.

Permissions for Backup

All listed permissions are of the Application type.

042022 1642 Howtoconfig1 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

Permissions for Restore

To restore data using Azure AD application, make sure that you configure the Azure AD application settings.

Restore Using Device Code Flow

All listed permissions are of the Delegated type and required for data restore using Veeam Explorers.

042022 1642 Howtoconfig2 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

Restore Using Application Certificate

All listed permissions are of the Application type and required for data restore using Restore Portal and through REST API and PowerShell.

042022 1642 Howtoconfig3 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

1.Sign in Azure portal with Global Admin account.

2.Search for and select Azure Active Directory.

042022 1642 Howtoconfig4 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

3.Under Manage, select App registrations.

042022 1642 Howtoconfig5 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

4.On the App registrations page, select +New registration.

042022 1642 Howtoconfig6 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

5.On the Register an application page, type VBO365APP as application Name, select Accounts in this organization directory only, click Register.

042022 1642 Howtoconfig7 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

6.When registration finishes, the Azure portal displays the app registration’s Overview pane. You see the Application (client) ID. Also called the client ID, this value uniquely identifies your application in the Microsoft identity platform, select API permissions.

042022 1642 Howtoconfig8 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

7.On the Configured permissions page, select +Add permission.

042022 1642 Howtoconfig9 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

8.On the Request API permissions page, select Microsoft APIs, select Microsoft Graph.

042022 1642 Howtoconfig10 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

9.On the Microsoft Graph page, select Application permissions.

042022 1642 Howtoconfig11 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

10.On the Select permission page, expend Directory, select Directory.Read.All.

042022 1642 Howtoconfig12 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

11.On the Select permission page, expend Group, select Group.Read.All.

042022 1642 Howtoconfig13 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

12.On the Select permission page, expend TeamSettings, select TeamSettings.ReadWrite.All.

042022 1642 Howtoconfig14 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

13.On the Select permission page, expand Sites, select Sites.Read.All, click Add permissions.

042022 1642 Howtoconfig15 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

14.On the Configured permissions page, select +Add permission.

042022 1642 Howtoconfig16 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

15.On the Request API permissions page, select APIs my organization uses.

042022 1642 Howtoconfig17 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

16.On the API my organization uses page, search and select Office 365 Exchange Online.

042022 1642 Howtoconfig18 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

17.On the Office 365 Exchange Online page, select Application permissions.

042022 1642 Howtoconfig19 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

18.On the Select permission page, expand Other permissions, select full_access_as_app, click Add permissions.

042022 1642 Howtoconfig20 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

19.On the Configured permissions page, select +Add permission.

042022 1642 Howtoconfig21 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

20.On the Request API permissions page, select Microsoft APIs, click SharePoint

042022 1642 Howtoconfig22 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

21.On the SharePoint page, select Application permissions.

042022 1642 Howtoconfig23 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

22.On the Select permission page, expand Sites, select Sites.FullControl.All.

042022 1642 Howtoconfig24 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

23.On the Select permission page, expand Users, select User.Read.All, click Add permissions.

042022 1642 Howtoconfig25 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

24.On the Configured permissions page, select +Add permission.

042022 1642 Howtoconfig26 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

25.On the Request API permissions page, select Microsoft APIs, select Microsoft Graph.

042022 1642 Howtoconfig27 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

26.On the Microsoft Graph page, select Delegated permissions.

042022 1642 Howtoconfig28 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

27.On the Select permission page, expend Directory, select Directory.Read.All.

042022 1642 Howtoconfig29 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

28.On the Select permission page, expend Group, select Group.Read.All.

042022 1642 Howtoconfig30 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

29.On the Select permission page, expand Sites, select Sites.Read.All.

042022 1642 Howtoconfig31 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

30.On the Select permission page, expand OpenId permissions, select offline_access, click Add permissions.

042022 1642 Howtoconfig32 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

31.On the Configured permissions page, select +Add permission.

042022 1642 Howtoconfig33 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

32.On the Request API permissions page, select APIs my organization uses.

042022 1642 Howtoconfig34 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

33.On the API my organization uses page, search and select Office 365 Exchange Online.

042022 1642 Howtoconfig35 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

34.On the Office 365 Exchange Online page, select Delegated permissions.

042022 1642 Howtoconfig36 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

35.On the Select permission page, expand EWS, select EWS.AccessAsUser.All, click Add permissions.

042022 1642 Howtoconfig37 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

36.On the Configured permissions page, select +Add permission.

042022 1642 Howtoconfig38 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

37.On the Request API permissions page, select Microsoft APIs, click SharePoint.

042022 1642 Howtoconfig39 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

38.On the SharePoint page, select Delegated permissions.

042022 1642 Howtoconfig40 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

39.On the Select permission page, expand AllSites, select AllSites.FullControl.

042022 1642 Howtoconfig41 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

40.On the Select permission page, expand Users, select User.Read.All, click Add permissions.

042022 1642 Howtoconfig42 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

41.On the Configured permissions page, select +Add permission.

042022 1642 Howtoconfig43 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

42.On the Request API permissions page, select Microsoft APIs, select Microsoft Graph.

042022 1642 Howtoconfig44 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

43.On the Microsoft Graph page, select Application permissions.

042022 1642 Howtoconfig45 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

44.On the Select permission page, expend Group, select Group.ReadWrite.All, click Add permissions.

042022 1642 Howtoconfig46 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

45.On the Configured permissions page, click Grant admin consent for domain name (in my case is carysun.com).

042022 1642 Howtoconfig47 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

46.On the Grant admin consent confirmation page, click Yes.

042022 1642 Howtoconfig48 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

47.Verify status of all APIs without warning.

042022 1642 Howtoconfig49 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

Create Application secrets (Optional)

We use specify an SSL certificate that you want to use for data exchange between Veeam Backup for Microsoft 365 and an Azure AD application but If you would like to use Application secret on Exchange Online credentials settings of VBO365, you need to create Application secret from Certificate & secrets settings.

1.On the Application page, select Certificates & Security.

042022 1642 Howtoconfig50 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

2.On the Certificates & secrets page, select Clients secrets.

042022 1642 Howtoconfig51 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

3.On the Client secrets page, select +New client secret.

042022 1642 Howtoconfig52 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

4.On the Add a client secret page, enter information for the secret description, select Expires period, click Add.

042022 1642 Howtoconfig53 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

5.Copy the Value, it will be as the Application secret of VBO settings.

042022 1642 Howtoconfig54 - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

ca16fbd3199de5f66b829b87082fb970?s=80&d=retro&r=g - How to configure Azure AD Application Permissions for Modern App-Only Authentication of Veeam Backup for Microsoft 365

Author: Cary Sun

Cary Sun is an Principal Consultant, He has a strong background specializing in datacenter and deployment solutions, and has spent over 20 years in the planning, design, and implementation of network technologies and Management and system integration.He hold CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1997.Cary is also a Microsoft Most Valuable Professional (MVP) and Cisco Champion, He is a published author with serveral titles, include blogs on Checkyourlogs.net, author for many books. Specialties: CCIE /CCNA / MCSE / MCITP / MCTS / MCSA / Solution Expert / CCA
Blog:
http://www.carysun.com http://www.checkyourlogs.net
Twitter:@SifuSun

About Cary Sun

Cary Sun is an Principal Consultant, He has a strong background specializing in datacenter and deployment solutions, and has spent over 20 years in the planning, design, and implementation of network technologies and Management and system integration.He hold CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1997.Cary is also a Microsoft Most Valuable Professional (MVP) and Cisco Champion, He is a published author with serveral titles, include blogs on Checkyourlogs.net, author for many books. Specialties: CCIE /CCNA / MCSE / MCITP / MCTS / MCSA / Solution Expert / CCA Blog: http://www.carysun.com http://www.checkyourlogs.net Twitter:@SifuSun