Hi Team,
Currently to allow another M365 user to access Outlook backups that are not their own, you create a role and either select "access user backups for entire tenancy" or "access user backups for selected groups" (or exclude specific groups). This level of role granularity is not convenient and doesn't accommodate security.
The scenario:
One of my branch managers wants to browse through the emails of a past employee. This employee left long ago and is no longer backed up. Therefore, the former employee no longer belongs to any current M365 group. How do you give the branch manager access to the mailbox backup without giving access to the entire tenancy backups? You can't.
Giving a user access to search the entire tenancy is very dangerous as it includes viewing emails of current employees and even senior management.
Having another security option to "Access to user backups for specific mailboxes" would be very helpful. Then when the picker box displays it can show ALL mailboxes in the entire Veeam repository to choose from.
Same should be available for old SharePoint sites or Teams.
Please consider.
Thanks,
Warren Jones
-
warrenwh
- Novice
- Posts: 3
- Liked: never
- Joined: May 21, 2025 1:49 am
- Full Name: Warren Jones
- Contact:
-
micoolpaul
- VeeaMVP
- Posts: 286
- Liked: 137 times
- Joined: Jun 29, 2015 9:21 am
- Full Name: Michael Paul
- Contact:
Re: Feature Request: Define what other "admin" users can access/browse
Hi Warren,
Thank you for the feedback, this is noted. In the meantime as a workaround for such scenarios you could choose 'access user backups for selected groups' and include a group with only the specific ex-employees.
Thank you for the feedback, this is noted. In the meantime as a workaround for such scenarios you could choose 'access user backups for selected groups' and include a group with only the specific ex-employees.
-------------
Michael Paul
Veeam Data Cloud Solution Engineer - M365 & Entra ID
Michael Paul
Veeam Data Cloud Solution Engineer - M365 & Entra ID
-
mjr.epicfail
- Veeam Legend
- Posts: 518
- Liked: 145 times
- Joined: Apr 22, 2022 12:14 pm
- Full Name: Danny de Heer
- Contact:
Re: Feature Request: Define what other "admin" users can access/browse
Maybe add something like VBR 13 security office role to still allow that employee access if needed
VMCE / Veeam Legend 2*
-
warrenwh
- Novice
- Posts: 3
- Liked: never
- Joined: May 21, 2025 1:49 am
- Full Name: Warren Jones
- Contact:
Re: Feature Request: Define what other "admin" users can access/browse
Hi Michael,
Remember in this scenario the domain user object doesn't exist, so it's not possible to put them into a new group.
Yes, for an existing employee you could create a group and add them to it. Not ideal to be making temporary groups and wouldn't do for this access - if at all.
If an employee needed access to a current user's mailbox, they would be delegated access in M365. If an email was deleted, the current target user could self-service and find it themselves.
Regards,
Warren
Remember in this scenario the domain user object doesn't exist, so it's not possible to put them into a new group.
Yes, for an existing employee you could create a group and add them to it. Not ideal to be making temporary groups and wouldn't do for this access - if at all.
If an employee needed access to a current user's mailbox, they would be delegated access in M365. If an email was deleted, the current target user could self-service and find it themselves.
Regards,
Warren
-
micoolpaul
- VeeaMVP
- Posts: 286
- Liked: 137 times
- Joined: Jun 29, 2015 9:21 am
- Full Name: Michael Paul
- Contact:
Re: Feature Request: Define what other "admin" users can access/browse
Hi Warren,
It was ambiguous if the Entra ID object remained in a disabled state, which some organisations due for a period of time.
I've passed your feedback along as it's an interesting point you make!
It was ambiguous if the Entra ID object remained in a disabled state, which some organisations due for a period of time.
I've passed your feedback along as it's an interesting point you make!
-------------
Michael Paul
Veeam Data Cloud Solution Engineer - M365 & Entra ID
Michael Paul
Veeam Data Cloud Solution Engineer - M365 & Entra ID
Who is online
Users browsing this forum: No registered users and 2 guests