As reseller of VBO, my potential customer would be - 1) MSP who manage backup services for their O365 clients, 2) direct end customers who manage their own O365 backup data.
I do not seem to be able to locate any reference in Veeam's knowledge base that VBO supports a deployment model where my MSP partners can deploy VBO in their own environment which creates a backup job to protect their client's O365 data without directly accessing their client's O365 account credential (e.g. Global administrator).
Even if this model can be achieved by any means, how could MSP overcome data privacy issues, as if their O365 client may have shared the administrative credential with them to create and run the backup / restore processes?
Thanks!
-
ericstar
- Influencer
- Posts: 10
- Liked: never
- Joined: Apr 12, 2019 2:18 am
- Full Name: Eric S
- Contact:
-
Mike Resseler
- Product Manager
- Posts: 8045
- Liked: 1263 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
- Contact:
Re: Data privacy concern of MSP deployment
Eric,
It is possible to do this, but it does require the MSP's to have their own portal. Our solution does not have such a portal of its own at this point in time
It is possible to do this, but it does require the MSP's to have their own portal. Our solution does not have such a portal of its own at this point in time
-
orb
- Service Provider
- Posts: 126
- Liked: 27 times
- Joined: Apr 01, 2016 5:36 pm
- Full Name: Olivier
- Contact:
Re: Data privacy concern of MSP deployment
Hello Eric
It exists an MSP implementation, but it is part of the Veeam Cloud Connect where the customer uses his exchange explorer in a VBR to access the MSP VBO doing the heavy lift but that’s not the only way.
You can find the minimum security requirements and you don’t need access to a global administrator to make it work.All is documented here https://helpcenter.veeam.com/docs/vbo3 ... tml?ver=50
Oli
It exists an MSP implementation, but it is part of the Veeam Cloud Connect where the customer uses his exchange explorer in a VBR to access the MSP VBO doing the heavy lift but that’s not the only way.
You can find the minimum security requirements and you don’t need access to a global administrator to make it work.All is documented here https://helpcenter.veeam.com/docs/vbo3 ... tml?ver=50
Oli
-
ericstar
- Influencer
- Posts: 10
- Liked: never
- Joined: Apr 12, 2019 2:18 am
- Full Name: Eric S
- Contact:
Re: Data privacy concern of MSP deployment
Hello Orb,
As far as I know, setting up backup organization using Modern App-only Authentication in VBO require an administrative User Account Roles (Reference: https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=50)
i.e.
The account that the Azure AD application will use to log in to Microsoft Office 365 must be assigned the following roles:
---
Global Administrator or Exchange Administrator — required for data restore with Veeam Explorer for Microsoft Exchange.
Global Administrator or SharePoint Administrator — required for data restore with Veeam Explorer for Microsoft SharePoint and Veeam Explorer for Microsoft OneDrive for Business.
Global Administrator or Teams Administrator — required for data restore with Veeam Explorer for Microsoft Teams.
Global Administrator — required for establishing a connection to a service provider in the Office 365 Backup as a Service scenario.
---
If there any scenario that I may have missed from the knowledge articles that the backup process can be created without using "administrative" user account for MSP implementation?
Thanks!
As far as I know, setting up backup organization using Modern App-only Authentication in VBO require an administrative User Account Roles (Reference: https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=50)
i.e.
The account that the Azure AD application will use to log in to Microsoft Office 365 must be assigned the following roles:
---
Global Administrator or Exchange Administrator — required for data restore with Veeam Explorer for Microsoft Exchange.
Global Administrator or SharePoint Administrator — required for data restore with Veeam Explorer for Microsoft SharePoint and Veeam Explorer for Microsoft OneDrive for Business.
Global Administrator or Teams Administrator — required for data restore with Veeam Explorer for Microsoft Teams.
Global Administrator — required for establishing a connection to a service provider in the Office 365 Backup as a Service scenario.
---
If there any scenario that I may have missed from the knowledge articles that the backup process can be created without using "administrative" user account for MSP implementation?
Thanks!
-
Polina
- Veeam Software
- Posts: 2974
- Liked: 705 times
- Joined: Oct 21, 2011 11:22 am
- Full Name: Polina Vasileva
- Contact:
Re: Data privacy concern of MSP deployment
Hi Eric,
Your understanding is absolutely correct; with modern app-only authentication, an admin account is a must.
Your understanding is absolutely correct; with modern app-only authentication, an admin account is a must.
Who is online
Users browsing this forum: No registered users and 16 guests