[Feature Request] User access restriction at VBM365 console level

[kunniyoor]

Hi
Unfortunately veeam is not supporting application level user restriction. Because of that whoever RDP to the VBM365 server can access the console and able to read or take out sensitive emails. Can veeam consider "user access restriction at VBM365 console level rather restrict at server level using group policy"?.

Thanks

BR
Krish

[Mildur]

Hi Krish

Thanks for the request.
Someone with administrative windows permission on the VBR server can always find a way to give himself admin permission in an application.

I suggest using the restore portal for doing the restores, while restricting access to the VB365 server itself to a few trusted people. We have RBAC roles within the Restore Portal. The content of an item cannot be accessed in the portal.
Addionally, activate audit logging for these sensitive mailboxes. You will get an email when they are accessed over the VB365 console & explorers:
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=60
https://community.veeam.com/blogs-and-p ... ration-344

Thanks
Fabian

[Mike Resseler]

Hi Krish,

On top of what Fabian says, if we would implement this, would it then be OK that the backup admin cannot get to the console through RDP. Meaning, he or she would need to login from his laptop/ desktop or jump box and login to some sort of web-based console. Also, I would consider this a possibility for day-to-day tasks. Big config changes would still need to happen in the desktop UI. Thoughts?

[kunniyoor]

@Fabian, Thanks for the recommendations. Will try restore portal option with audit logging and see if that is fesibale and convinient for the end customer.

@Mike you nailed it.. yes, kind of web-based console access can be a better option for day-to-day task. Further, the user who RDP to VBM server has full visiblity of all users email content, which is serious breach. hope through web- based console we can provide better management and secure access.

Thanks

BR
Krish