Page tree

Product Version: 10.7.1

Last Modified: 5 October 2022

Question

What API permissions must be provided to NAKIVO Backup & Replication to successfully back up and recover Exchange Online mailboxes, OneDrives, SharePoint Online sites, and Teams?

Answer

The following API permissions must be provided to NAKIVO Backup & Replication:

Microsoft Graph API

ServiceBackupRecovery
Exchange Online
  • Calendars>Calendars.Read (Application)
  • Contacts>Contacts.Read (Application)
  • Mail>Mail.Read (Application)
  • MailboxSettings>MailboxSettings.Read (Application)
    (required for backing up shared mailboxes)
  • Notes>Notes.Read.All (Application)
  • User>User.Read.All (Application)
  • Calendars>Calendars.ReadWrite (Application)
  • Contacts>Contacts.ReadWrite (Application)
  • Mail>Mail.ReadWrite (Application)
  • MailboxSettings>MailboxSettings.Read (Application)
    (required for recovery to shared mailboxes)
  • Notes>Notes.ReadWrite.All (Application)
  • User>User.Read.All (Application)
OneDrive for Business
  • Files>Files.Read.All (Application)
  • User>User.Read.All (Application)
  • Files>Files.ReadWrite.All (Application)
  • User>User.Read.All (Application)
SharePoint Online
  • Sites>Sites.Read.All (Application)
  • Sites>Sites.ReadWrite.All (Application)
  • Sites>Sites.FullControl.All (Application)
  • Sites>Sites.Manage.All (Application)
Group mailboxes
  • Files>Files.Read.All (Application)
  • Group>Group.Read.All (Delegated|Application) 
  • Group>GroupMember.Read.All (Application) 
  • Notes>Notes.Read.All (Application)
  • User>User.Read.All (Application) 
  • Files>Files.ReadWrite.All (Application) 
  • Group>Group.ReadWrite.All (Delegated|Application) 
  • Notes>Notes.ReadWrite.All (Application)
Group sites
  • Sites>Sites.Read.All (Application)
  • Sites>Sites.ReadWrite.All (Application)
  • Sites>Sites.FullControl.All (Application)
  • Sites>Sites.Manage.All (Application)
Teams
  • Channel>Channel.ReadBasic.All (Application)
  • ChannelSettings>ChannelSettings.Read.All (Application)
  • ChannelMessage.Read.All (Delegated|Application)
  • Files>Files.Read.All (Application)
  • Group>Group.Read.All
  • Group>GroupMember.Read.All (Application) 
  • Team>Team.ReadBasic.All (Application)
  • TeamMember>TeamMember.Read.All (Application)
  • TeamsTab>ha (Application)
  • TeamworkTag>TeamworkTag.ReadWrite.All (Application)
  • User>User.ReadWrite.All 
  • Channel>Channel.Create (Application)
  • Channel>Channel.Delete.All (Application)
  • Channel>ChannelMessage.Send (Delegated)
  • ChannelSettings>ChannelSettings.ReadWrite.All (Application)
  • Files>Files.ReadWrite.All (Application)
  • Group>Group.ReadWrite.All (Application)
  • TeamsAppInstallation>TeamsAppInstallation.ReadWriteForTeam.All (Application)
  • TeamMember>TeamMember.ReadWrite.All (Application)
  • TeamSettings>TeamSettings.ReadWrite.All (Application)
  • TeamsTab>TeamsTab.ReadWrite.All (Application)
  • TeamworkTag>TeamworkTag.ReadWrite.All (Application)


Office 365 Exchange Online API

ServiceBackupRecovery
Exchange OnlineOther permissions>full_access_as_appOther permissions>full_access_as_app


SharePoint API

The following API permission is only required if you are using certificate-based authentication with SharePoint Online:

ServicesRecovery
SharePoint Online and Group sites
  • Sites>Sites.FullControl.All (Application)

The API permissions can be changed via your Azure Active Directory. For details, refer to Obtaining Microsoft 365 credentials (items 1-11). 

  • No labels