Microsoft Entra access rights after M365 server update
Background
After the upgrade to the latest version, some permissions and roles need to be re-added to the Microsoft 365 organizations.
How to get your application ID
Log in to the Service Provider Console at: https://veeam.speicherblock.at
Go to Configuration > Plug-in library > Veeam Backup for M365 Integration
Choose Organization and the Edit the organization that you need.
On the Application Settings tab, you'll see the Application ID.
How to add Application permissions in Azure
Log in to Azure portal at: https://portal.azure.com
Go to Microsoft Entra ID
In the search field, search for App registrations and click the button.
Find the application that has the Application ID that you saw on the console and click on it.
You need to add the following permissions:
API | Permission | Type |
Microsoft Graph | ChannelMember.ReadWrite.All | Application |
Microsoft Graph | ChannelMember.ReadWrite.All | Delegated |
Microsoft Graph | Files.ReadWrite.All | Application |
Microsoft 365 Exchange Online | Exchange.ManageAsApp | Application |
You can add the permission doing the following:
- click on the API name,
- choose between Application and Delegated permissions,
- search for the permission and Add it.
Do this for all the listed permissions and then add Admin consent by clicking on the Grant Admin consent button.
Click Yes on the confirmation prompt.
How to assign the required role
Log in to Microsoft Entra admin center at: https://entra.microsoft.com/
Choose Identity > Roles and admins
Search for Global Reader and click on it.
Under Assignements click +Add Assignment
Search for the Veeam application - you can recognize it by checking the ID in the Description field.
Add the role assignment.
Microsoft Teams public channel backup
Teams public channels are backed up using Microsoft Graph Export API. However, access to this API has been changed by Microsoft. Using this API comes with an additional cost, so you need to decide if you need this in your backup or not.
Original Veeam article to follow:
No Comments