Missing application permissions: Exchange.ManageAsApp. Missing application roles: Global Reader. Public folder and discovery search mailboxes will be skipped from processing, and a shared mailbox type will not be identified.
Missing application permissions: ChannelMember.Read.All. Private and shared team channels will be skipped from processing
We tried to look on the Microsoft website for the rights part, but it's very chaotic and we didn't understand what to change.
Also in the "App Registrations" part and we find 3 "VeeamBackup" and several "VeeamBackupApplication".
Should all of them be modified?
Just a question that goes beyond this issue, but still related to Veeam Backup for Microsoft 365.
I printed a report with the list of users protected and not protected by Veeam (about 50% protected).
I was wondering why many were not protected, since the job is set to save everything (without filters).
In some cases I saw that the user has never connected.
In others, however, the last time he accessed was in 2023.
I think this is the discriminant of the save, but I wanted to have more details (for example how much time must pass since the last save to still be taken into consideration).
So you have a job with the setting of "Entire Organization" but not all users are protected? And the users that are not protected are still enabled in M365?
yes, we save the "Entire Organization" and several users are not saved.
As I wrote, it seems because they've never logged in to MS365 (since they were created) or they've not connected for several months.
For this reason I'd like to know the logic that is applied for saving, such as if users who've not logged in in the last 6 months are filtered.
I followed the url suggested by @pr_osit but there is still "Missing application roles: Global Reader. Public folder and discovery search mailboxes will be skipped from processing, and a shared mailbox type will not be identified.".
This error message makes sense since this tenant does not have any public folders !
@mjr.epicfail, the suggested guide I read to check permissions from @pr_osit was not enough.
Following the tech support, I had to revalidate all organizations and it was ok after that.
But that revalidation brought the Global Reader permission/role to the Veeam 365 application, which I hadn't imagined and don't like too much by the way...
So it's currently resolved without the latest patch but thanks for the info.
Yes, running the organization wizard again and selecting the option "Grant this application required permissions and register its certificate in Azure AD" will apply all the necessary permissions for you.
Danny is correct. We recommend deploying the patch he shared. The patch fixes the top known issues we observed in the first two months of the Veeam Backup for Microsoft 365 v8 release.
Missing application permissions: Exchange.ManageAsApp.
Missing application roles: Global Reader. Public folder and discovery search mailboxes will be skipped from processing, and a shared mailbox type will not be identified.
And also with:
" The easiest way to add the required Azure permissions is to revalidate the organization:
right click edit the organization.onmicrosoft.com, Next Next Next
Install the Application certificate that corresponds to the Application ID.
Under the Install button, there is this checkbox:
"Grant this application required permissions and register its certificate in Azure AD".
Please check it. Next Finish. Finish revalidating the organization, make sure that all components are green, check if the issue is resolved."
