Overview
This article outlines the permissions necessary for backup and restore using Microsoft 365 Backup Storage.
Druva requires App-only access, which permits Azure AD applications to execute actions with admin-driven consent.
Permissions required for the Microsoft 365 Backup Storage application:
Permissions | Type | Purpose |
| Application | Display Text - Read items in all site collections Description - Site Listing and Search site for protection or backup. |
| Application | Display Text - Read all users' full profiles Description - Allows the application to read user profiles without a signed-in user. |
| Application | Display Text - Read all backup configuration policies Description - Allows the application to read all backup configurations and lists of Microsoft 365 service resources to be backed up without a signed-in user. |
| Application | Display Text - Read and edit all backup configuration policies Description - Allows the application to read and update the backup configuration and list of Microsoft 365 service resources to be backed up without a signed-in user. |
| Application | Display Text - Read all restore sessions Description - Allows the application to read all restore sessions without a signed-in user. |
| Display Text - Read all monitoring, quota, and billing information for your tenant Description - Allows the application to monitor all backup and restore jobs, view quota usage and billing details, without a signed-in user. | |
| Application | Display Text - Read restore all sessions and start restore sessions from backups. Description - Allows the application to search all backup snapshots for Microsoft 365 resources and restore Microsoft 365 resources from a backed up snapshot, without a signed-in user. |
| Application | Display Text - Search for metadata properties in all backup snapshots Description - Allows the application to search all backup snapshots for Microsoft 365 resources without a signed-in user. |
| Application | Display Text - Update or read the status of the M365 backup service Description - Allows the application to update or read the status of the Microsoft 365 backup service (enable/disable) without signed in user |
| Delegated | Display Text - Update or read the status of the M365 backup service Description - Allows the application to update or read the status of Microsoft 365 backup service (enable/disable), on your behalf. |