After upgrade to 8.0.2.159

[GianlucaCroci]

Hello,

we've upgraded our Veeam Backup for Microsoft 365 to 8.0.2.159.

Now when we run the backup we've these warning

Code: Select all

Missing application permissions: Exchange.ManageAsApp. Missing application roles: Global Reader. Public folder and discovery search mailboxes will be skipped from processing, and a shared mailbox type will not be identified.

Missing application permissions: ChannelMember.Read.All. Private and shared team channels will be skipped from processing

We tried to look on the Microsoft website for the rights part, but it's very chaotic and we didn't understand what to change.

Also in the "App Registrations" part and we find 3 "VeeamBackup" and several "VeeamBackupApplication".
Should all of them be modified?


Thanks in advance for the reply.

[pat_ren]

I had this issue too, right click on the org with the problem and edit it, click next a few times to find the app ID

Check these permissions and add the ones that are missing, and add the global reader permission as per this KB
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=80

[GianlucaCroci]

Thanks a lot.


Just a question that goes beyond this issue, but still related to Veeam Backup for Microsoft 365.

I printed a report with the list of users protected and not protected by Veeam (about 50% protected).
I was wondering why many were not protected, since the job is set to save everything (without filters).
In some cases I saw that the user has never connected.
In others, however, the last time he accessed was in 2023.
I think this is the discriminant of the save, but I wanted to have more details (for example how much time must pass since the last save to still be taken into consideration).


Thanks again for the precious help

[Mike Resseler]

@GianlucaCroci

So you have a job with the setting of "Entire Organization" but not all users are protected? And the users that are not protected are still enabled in M365?

[GianlucaCroci]

Hello,

yes, we save the "Entire Organization" and several users are not saved.
As I wrote, it seems because they've never logged in to MS365 (since they were created) or they've not connected for several months.
For this reason I'd like to know the logic that is applied for saving, such as if users who've not logged in in the last 6 months are filtered.

Thanks

[ACrispiels]

Hello,

I followed the url suggested by @pr_osit but there is still "Missing application roles: Global Reader. Public folder and discovery search mailboxes will be skipped from processing, and a shared mailbox type will not be identified.".

This error message makes sense since this tenant does not have any public folders !

What did I miss ?

[ACrispiels]

Hello,


No news since more than a week, the case id #07454261 has been opened today...

[mjr.epicfail]

There is a new CP:
Maybe this fixes your issues?

https://www.veeam.com/kb4656

[ACrispiels]

@mjr.epicfail, the suggested guide I read to check permissions from @pr_osit was not enough.
Following the tech support, I had to revalidate all organizations and it was ok after that.
But that revalidation brought the Global Reader permission/role to the Veeam 365 application, which I hadn't imagined and don't like too much by the way...
So it's currently resolved without the latest patch but thanks for the info.

[mjr.epicfail]

Hi Alain,

Good to hear you got it fixed, but you should install the patch too, as it fixes a lot and could prevent issues in the future

[Mildur]

Hi @ACrispiels

Yes, running the organization wizard again and selecting the option "Grant this application required permissions and register its certificate in Azure AD" will apply all the necessary permissions for you.
Danny is correct. We recommend deploying the patch he shared. The patch fixes the top known issues we observed in the first two months of the Veeam Backup for Microsoft 365 v8 release.

Best,
Fabian

[ACrispiels]

Ok @Fabian, I'll do that upgrade soon.

[troll@fixsys.nl]

We have resolved the issue with following:

Missing application permissions: Exchange.ManageAsApp.
Missing application roles: Global Reader. Public folder and discovery search mailboxes will be skipped from processing, and a shared mailbox type will not be identified.

Adding role:
- ExchangeManageAsApp
- GlobalReader
- ExchangeAdministrator

And also with:
" The easiest way to add the required Azure permissions is to revalidate the organization:
right click edit the organization.onmicrosoft.com, Next Next Next
Install the Application certificate that corresponds to the Application ID.
Under the Install button, there is this checkbox:
"Grant this application required permissions and register its certificate in Azure AD".
Please check it. Next Finish. Finish revalidating the organization, make sure that all components are green, check if the issue is resolved."

[eyvindb]

Same issue.. are there any way to reauthenticate through the service provider portal?

Regards,
Eyvind B

[GianlucaCroci]

we've installed the last version of Veeam (v.8.1.0.305), and then edited the "organization.onmicrosoft.com" to the end, and now the problem is solved.

thanks

[mjr.epicfail]

Thats great!

Thanks for sharing.