Product Version: 10.8
Last Modified: 5 October 2022
Question
What API permissions must be provided to NAKIVO Backup & Replication to successfully back up and recover Exchange Online mailboxes, OneDrives, SharePoint Online sites, and Teams?
Answer
See below for a list of all permissions and the services that require them to be provided to NAKIVO Backup & Replication.
Microsoft Graph API
Permission | Exchange Online | Group Mailbox | OneDrive for Business | SharePoint and Group SharePoint | Teams | Application or Delegated Permission? | Description |
---|---|---|---|---|---|---|---|
Calendars.Read | Discovery Backup | Application | Read calendars in all mailboxes | ||||
Calendars.ReadWrite | Recovery | Application | Read and write calendars in all mailboxes | ||||
Notes.Read.All | Discovery Backup | Discovery Backup | Application | Read all OneNote notebooks | |||
Notes.ReadWrite.All | Recovery | Recovery | Application | Read and write all OneNote notebooks | |||
Mail.Read | Discovery Backup | Application | Read mail in all mailboxes | ||||
Mail.ReadWrite | Recovery | Application | Read and write mail in all mailboxes | ||||
MailboxSettings.Read | Discovery Backup Recovery | Application | Read all user mailbox settings | ||||
User.Read.All | Discovery Backup Recovery | Backup | Discovery | Application | Read all users' full profiles | ||
User.ReadWrite.All | Backup | Read and write all users' full profiles | |||||
Contacts.Read | Discovery Backup | Application | Read contacts in all mailboxes | ||||
Contacts.ReadWrite | Recovery | Application | Read and write contacts in all mailboxes | ||||
Files.Read.All | Discovery Backup | Discovery Backup | Backup | Application | Read files in all site collections | ||
Files.ReadWrite.All | Recovery | Recovery | Recovery | Application | Read and write files in all site collections | ||
Group.Read.All | Discovery Backup | Backup | Application (group mailbox only) Delegated (group mailbox only) | Read all groups | |||
Group.ReadWrite.All | Recovery | Recovery | Application Delegated (group mailbox only) | Read and write all groups | |||
GroupMember.Read.All | Discovery Backup | Backup | Application | Read all group memberships | |||
Sites.Read.All | Discovery Backup | Application | Read items in all site collections | ||||
Sites.ReadWrite.All | Recovery | Application | Read and write items in all site collections | ||||
Sites.FullControl.All | Recovery | Application | Have full control of all site collections | ||||
Sites.Manage.All | Recovery | Application | Create, edit, and delete items and lists in all site collections | ||||
Team.ReadBasic.All | Discovery Backup | Application | Get a list of all teams | ||||
TeamSettings.ReadWrite.All | Recovery | Application | Read and change all teams' settings | ||||
TeamsAppInstallation.ReadWriteForTeam.All | Recovery | Application | Manage Teams apps for all teams | ||||
TeamMember.Read.All | Backup | Application | Read the members of all teams | ||||
TeamMember.ReadWrite.All | Recovery | Application | Add and remove members from all teams | ||||
Channel.ReadBasic.All | Backup | Application | Read the names and descriptions of all channels | ||||
Channel.Create | Recovery | Application | Create channels | ||||
Channel.Delete.All | Recovery | Application | Delete channels | ||||
ChannelSettings.Read.All | Backup | Application | Read the names, descriptions, and settings of all channels | ||||
ChannelSettings.ReadWrite.All | Recovery | Application | Read and write the names, descriptions, and settings of all channels | ||||
TeamworkTag.ReadWrite.All | Backup Recovery | Application | Read and write tags in Microsoft Teams | ||||
TeamsTab.ReadWrite.All | Backup Recovery | Application | Read and write tabs in Microsoft Teams | ||||
ChannelMessage.Read.All | Backup | Application Delegated | Read all channel messages | ||||
ChannelMessage.Send | Recovery | Delegated | Send channel messages |
Office 365 Exchange Online API
Permission | Exchange Online | Group Mailbox | Application/Delegated Permission? | Description |
---|---|---|---|---|
full_access_as_app | Recovery | Backup Recovery | Application | Backup group posts, recover group posts, recover type of ItemAttachment for email messages, recover a contact with personalNote larger than 4MB, recover sticky notes, recover huge email message or calendar event content |
SharePoint API
The following API permission is only required if you are using certificate-based authentication with SharePoint Online:
Permission | SharePoint and Group SharePoint | Application/Delegated Permission? | Description |
---|---|---|---|
Sites.FullControl.All | Recovery | Application | Have full control of all site collections |
The API permissions can be changed via your Azure Active Directory. For details, refer to Obtaining Microsoft 365 credentials (items 1-11).