Veritas Alta™ SaaS Protection Administrator's Guide
- Introduction to Veritas Alta™ SaaS Protection
- EDB and EDB compliance
- Active Directory synchronization
- Manage users and roles
- API permissions
- Add connectors
- Overview of adding connectors
- Add Exchange Online connectors
- Configure the capture scope for Exchange connectors
- Configure the capture scope for Exchange connectors
- Add SharePoint Online connectors
- Configuring the capture scopes for SharePoint connectors
- Add Teams site collections connectors
- Add OneDrive connectors
- Add Teams chat connectors
- Add Audit Log connectors
- Add Google Drive connectors
- Add Gmail connectors
- About the Salesforce connector
- Add Entra ID (Azure AD) connectors
- Add Box connectors
- Add Email/Messages
- Apps Consent Grant Utility
- Add Retention policies
- Perform backups
- Manage backed-up data
- Perform restores using Administration portal
- Restore SharePoint/OneDrive/Teams Sites and data
- Restore Teams chat messages and Teams channel conversations
- Restore Box data
- Restore Google Drive data
- About the Salesforce Data, Metadata, and CRM Content restore
- Limitations of Salesforce Metadata backup and restore
- About Entra ID (Azure AD) objects and records restore
- Perform restores using Export Utility
- Restore dashboard
- Install services and utilities
- Discovery
- Add Tagging polices
- Add Tiering policy
- General administrative tasks
- Manage Stors (Storages)
- Managing Scopes
- Known Issues
API permissions for Exchange Online
If you use the Microsoft 365 App Registrations mode to configure the connector for your Exchange workload, Veritas Alta SaaS Protection must have the API permissions listed in the following table. In the Microsoft 365 App Registration mode, a single app has all the following permissions assigned, whether permissions are applicable to the workload being backed up by the connector to which the apps are assigned. The delegated permissions are mentioned in the following tables; all other permissions are app permissions.
Table: List of API permissions required for Exchange Online backup and restore
Used by Veritas Alta SaaS Protection | ||||
---|---|---|---|---|
Microsoft Graph | MailboxSettings.Read | Read all user mailbox settings. | Allows the app to read user's mailbox settings without a signed-in user. Does not include permission to send mail. | To read mailbox type when using the Graph Management API mode. |
Group.ReadWrite.All | Read and write all groups. | Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write conversations. All of these operations can be performed by the app without a signed-in user. | To add impersonation accounts as members to Microsoft 365 Groups/Teams to back up and restore their mailboxes in the Graph Management API mode. | |
Directory.Read.All | Read directory data. | Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user. | To fetch a list of users within a tenant and obtain a list of mailboxes using the Graph Management API mode. | |
RoleManagement.ReadWrite.Directory | Read and write role management data for Microsoft Entra ID. | Allows the app to read and manage the role-based access control (RBAC) settings for your company's directory, without a signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles and memberships. | To add impersonation accounts as administrators to role assigned Microsoft 365 groups to backup and restore their mailboxes using Graph Management API mode. | |
Office 365 Exchange Online | full_access_as_app | Use Exchange Web Services with full access to all mailboxes. | Allows the app to have full access by Exchange Web Services to all mailboxes without a signed-in user. | To backup/ and restore data from all types of mailboxes. No other granular permissions are provided by Microsoft for Exchange Web Services. |
Exchange.ManageAsApp | Manage Exchange as an application. | Allows the app to manage the organization's Exchange environment without any user interaction. It includes mailboxes, groups, and other configuration objects. To enable management actions, an admin must assign the appropriate roles directly to the app. | To allow Exchange Online PowerShell access for the following operations when the PowerShell Management API mode is used:
|