Maintain control of your Microsoft 365 data
Post Reply
iivel
Novice
Posts: 4
Liked: never
Joined: Aug 10, 2021 1:27 pm
Full Name: Michael Buchser
Location: Switzerland
Contact:

modern certificate-based authentication also for Sharepoint/OneDrive and Teams Objects?

Post by iivel »

Currently, it's only possible to use the certificate-based authentication for Restoreing Exchange Objects.
However, Restoring Sharepoint/Onedrive and Teams Objects still require user Login with Sharepoint.Administrator or Team.Adminstrator Roles assigned.

Is integration of certificate-based authentication for all restore jobs planned for any future release?
This would reduce complexity for Helpdesk staff to restore MS365 objects.

According to post517683.html?hilit=modern%20certific ... n.#p517683 impersonation roles are deprecated by MS in 2025 anyway.

Kind Regards,
Michael
Mildur
Product Manager
Posts: 10722
Liked: 2915 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: modern certificate-based authentication also for Sharepoint/OneDrive and Teams Objects?

Post by Mildur »

Hi Michael,

Thank you for your request. Unfortunately, there is no information we can share today when it may be available.
This would reduce complexity for Helpdesk staff to restore MS365 objects.
Have you considered using our Restore Portal? You can assign a Restore Operator role to your helpdesk team, allowing them to use the Restore Portal to restore objects without needing the SharePoint Administrator or Team Administrator role assignments.

Currently, it's also possible to perform these actions using REST APIs or PowerShell. If you have developed your own web portal, you can utilize the REST API to restore such items with certificate-based authentication.

Best,
Fabian
Product Management Analyst @ Veeam Software
iivel
Novice
Posts: 4
Liked: never
Joined: Aug 10, 2021 1:27 pm
Full Name: Michael Buchser
Location: Switzerland
Contact:

Restore Operator Role for multiple M365 Organziations

Post by iivel »

Sorry for coming back after such a long time - but finally, I found the time to set up the Restore Portal and configure Restore Operators roles.
I followed the guide "Configuring Restore Portal for Multiple Tenants", but this includes setting up "Backup as a Service with Veeam Backup for Microsoft 365 usage scenario", which is not an option, because no local repositories are supported.

So I just set up everything else according to the guide.
Unfortunately, if I interprete it correctly, in this scenario one must configure one Restore Operator Role per Organization, and can only add users or groups from that specific organisation to that role (and not server-local users like in Enterprise Administrator).
So that's not really working for Helpdesk staff to restore MS365 objects from multiple organizations with there personal login, unless they have an account in every organizations tenant - is this correct?
Or is there any way to create Restore Operator roles for multiple organizations or add local users (or users from other organizations) to this role?
Polina
Veeam Software
Posts: 3569
Liked: 852 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: modern certificate-based authentication also for Sharepoint/OneDrive and Teams Objects?

Post by Polina »

Hi Michael,

1) Your understanding is correct - a restore operator must belong to the M365 tenant which data they want to restore.
2) You mentioned a scenario where "no local repositories are supported" - could you please elaborate on it? Because, AFAIR, the Restore Portal doesn't have such a limitation.

Thanks!
iivel
Novice
Posts: 4
Liked: never
Joined: Aug 10, 2021 1:27 pm
Full Name: Michael Buchser
Location: Switzerland
Contact:

Re: modern certificate-based authentication also for Sharepoint/OneDrive and Teams Objects?

Post by iivel »

Hi Polina

Thanky you for the confirmation!
The scenario where "no local repositories are supported" is regarding "SP Veeam Cloud Connect Infrastructure" with cloud connect which might probably support restore-operators to act across tenants, but - as far a smy understandign goes - only supports cloud ressources for repositiries.
Polina
Veeam Software
Posts: 3569
Liked: 852 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: modern certificate-based authentication also for Sharepoint/OneDrive and Teams Objects?

Post by Polina »

In Cloud Connect scenarios, there're no limitations by the repository type; service provider tenants can connect and restore their data from Jet-based repositories as well as from object storage.
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest