Skip to main content
Permissions for Microsoft 365 Backup Storage
Updated this week

Overview

This article outlines the permissions necessary for backup and restore using Microsoft 365 Backup Storage.

Druva requires App-only access, which permits Azure AD applications to execute actions with admin-driven consent.

Permissions required for the Microsoft 365 Backup Storage application:

Permissions

Type

Purpose

Sites.Read.All

Application

Display Text - Read items in all site collections

Description - Site Listing and Search site for protection or backup.

User.Read.All

Application

Display Text - Read all users' full profiles

Description - Allows the application to read user profiles without a signed-in user.

BackupRestore-Configuration.Read.All

Application

Display Text - Read all backup configuration policies

Description - Allows the application to read all backup configurations and lists of Microsoft 365 service resources to be backed up without a signed-in user.

BackupRestore-Configuration.ReadWrite.All

Application

Display Text - Read and edit all backup configuration policies

Description - Allows the application to read and update the backup configuration and list of Microsoft 365 service resources to be backed up without a signed-in user.

BackupRestore-Restore.Read.All

Application

Display Text - Read all restore sessions

Description - Allows the application to read all restore sessions without a signed-in user.

BackupRestore-Monitor.Read.All

Display Text - Read all monitoring, quota, and billing information for your tenant

Description - Allows the application to monitor all backup and restore jobs, view quota usage and billing details, without a signed-in user.

BackupRestore-Restore.ReadWrite.All

Application

Display Text - Read restore all sessions and start restore sessions from backups.

Description - Allows the application to search all backup snapshots for Microsoft 365 resources and restore Microsoft 365 resources from a backed up snapshot, without a signed-in user.

BackupRestore-Search.Read.All

Application

Display Text - Search for metadata properties in all backup snapshots

Description - Allows the application to search all backup snapshots for Microsoft 365 resources without a signed-in user.

BackupRestore-Control.ReadWrite.All

Application

Display Text - Update or read the status of the M365 backup service

Description - Allows the application to update or read the status of the Microsoft 365 backup service (enable/disable) without signed in user

BackupRestore-Control.ReadWrite.All

Delegated

Display Text - Update or read the status of the M365 backup service

Description - Allows the application to update or read the status of Microsoft 365 backup service (enable/disable), on your behalf.

Did this answer your question?