Veritas Alta™ SaaS Protection Administrator's Guide
- Section I. Introduction to Veritas Alta™ SaaS Protection
- Section II. Administration portal
- Section III. Manage users and roles
- Section IV. Manage searches/eDiscovery/cases
- Section V. Configure policies
- Section VI. Perform restores
- About restore
- Prerequisites for restore
- Restore dashboard
- Restore Exchange Online mailboxes
- Restore SharePoint Online Sites and data
- Restore SharePoint/OneDrive/Teams Sites and data
- Restore Teams chats and Teams Channel conversations
- Restore Audit logs
- Restore Box data
- Restore Google Drive data
- Restore Gmail data
- Restore Salesforce data and Metadata
- Restore Entra ID objects
- Restore Slack data
- Restore data to File server
- Restore options
- Section VII. Perform data share
- Section VIII. Perform data downloading
- Section IX. Add and configure connectors
- About connectors
- About connectors
- Overview of connectors
- Configuring the capture scope
- Configuring credentials
- Apps Consent Grant Utility
- Exchange Online connector
- Adding Exchange Online connectors
- Configuring the capture scope for Exchange connectors
- Configuring the capture scope for Exchange connectors
- SharePoint Online connector
- Teams Sites collections connector
- OneDrive connector
- Teams chat connector
- Audit log connector
- Google Drive connector
- Gmail connector
- Salesforce connector
- Entra ID (Azure AD) connector
- Box connector
- Slack connector
- EML connector
- Managing connectors
- About connectors
- Section X. Perform backups
- Section XI. Backup limitations
- Section XII. Events
- Section XIII. Manage Stors (Storages)
- Section XIV. Manage Scopes
- Section XV. Manage auditing
- Section XVI. Known Issues
API permissions for the Exchange Online
If you use the Microsoft 365 App Registrations mode to configure the connector for your Exchange workload, Veritas Alta SaaS Protection must have the API permissions listed in the following table. In the Microsoft 365 App Registration mode, a single app has all the following permissions assigned, whether permissions are applicable to the workload being backed up by the connector to which the apps are assigned. The delegated permissions are mentioned in the following tables; all other permissions are app permissions.
Table: List of API permissions required for Exchange Online backup and restore
Used by Veritas Alta SaaS Protection | ||||
---|---|---|---|---|
Microsoft Graph | MailboxSettings.Read | Read all user mailbox settings. | Allows the app to read user's mailbox settings without a signed-in user. Does not include permission to send mail. | To read mailbox type when using the Graph Management API mode. |
Group.ReadWrite.All | Read and write all groups. | Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write conversations. All of these operations can be performed by the app without a signed-in user. | To add impersonation accounts as members to Microsoft 365 Groups/Teams to back up and restore their mailboxes in the Graph Management API mode. | |
Directory.Read.All | Read directory data. | Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user. | To fetch a list of users within a tenant and obtain a list of mailboxes using the Graph Management API mode. | |
RoleManagement.ReadWrite.Directory | Read and write role management data for Microsoft Entra ID. | Allows the app to read and manage the role-based access control (RBAC) settings for your company's directory, without a signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles and memberships. | To add impersonation accounts as administrators to role assigned Microsoft 365 groups to backup and restore their mailboxes using Graph Management API mode. | |
Office 365 Exchange Online | full_access_as_app | Use Exchange Web Services with full access to all mailboxes. | Allows the app to have full access by Exchange Web Services to all mailboxes without a signed-in user. | To backup/ and restore data from all types of mailboxes. No other granular permissions are provided by Microsoft for Exchange Web Services. |
Exchange.ManageAsApp | Manage Exchange as an application. | Allows the app to manage the organization's Exchange environment without any user interaction. It includes mailboxes, groups, and other configuration objects. To enable management actions, an admin must assign the appropriate roles directly to the app. | To allow Exchange Online PowerShell access for the following operations when the PowerShell Management API mode is used:
|