Feature Request: For MS Teams Backup determine the owner of an M365 group

[HenryH]

When creating additional BackupJobs, we encountered the problem that there are various teams that no longer have an owner. These new teams added to the backup job then fail during backup, as described in the forum post (veeam-backup-for-microsoft-365-f47/fail ... 80809.html).

Is there a way to check whether additional teams have at least one owner when they are added? I am not informed that a corresponding team no longer has an owner, neither during manual recording nor via PowerShell commandlets.

In order to determine the owners of a team in other ways, e.g. Get-UnifiedGroup, you need additional PowerShell modules on the one hand and the corresponding rights (in this case EXO admin rights) on the other. On the other hand, there is also the fact that multi-factor authentication may be required to obtain such rights, which is the case for us. This means that such queries cannot be used in a script.

The better way seems to me to implement a PowerShell command that can also query the owners of a team (For example Get-VBOOrganizationGroupOwner -Group $M365Group), analogous to the command “Get-VBOOrganizationGroupMember -Group $M365Group”. This should not be a problem, since in the backup solution the fact that a team does not have an owner obviously means that the team is not backed up and must therefore somehow be queried by Veeam.

Case #07442917 — Failed to find Team mailbox owner account.

[Seve CH]

Hi

I am seeing some requests like this one which asks to be able use Veeam to administer M365 instead of doing it properly (Use MS tools or ask the customer for the required information). Please count a -1 for such feature requests.

Example of such other requests: veeam-backup-for-microsoft-365-f47/tota ... 94580.html
Instead of asking the customer for information or access for automation, a service provider can now create statistics about the customer's licensing on his/her back using VBO365.

I don't want a backup operator, internal or service provider, to be able to start querying the tenant's settings or doing owner changes, etc. using the M365 backup system. VBO365 requires high privileges to do its job, and only for this reason it is getting them. This kind of requests is like start creating AD users or groups using Veeam Backup and Recovery's guest interaction account from Veeam's GUI because you don't have DC access.

The correct way in this case is to use the M365/EntraID tools. If MFA is a problem, the cause of most cloud hacks is lack of MFA for admins combined with bad credentials hygiene, you can register your own application in your tenant and use certificate authentication to connect, but please don't lower the security for all Veeam customers.

Best regards
Seve

[HenryH]

Hi,

The ServiceRequest is not about the possibility of changing ownership via Veeam Backup M365, which would also go too far in my view, but merely about checking whether a team has an owner or not. A counter that displays the number of owners of a team would also be sufficient to filter out teams that cannot be backed up via “Veeam Backup M365” due to a non-existent owner. This query is legitimate and does not represent a security risk in my view.

Best regards
Henry