-
- Influencer
- Posts: 11
- Liked: never
- Joined: Jul 10, 2019 1:54 pm
- Full Name: Christopher T
- Contact:
Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)
Is there any good blogs or docs for setting up the permissions and such in Azure/Office 365 portal to get Veeam Backup for Microsoft Office 365 working? I feel I'm missing something.. the best I've got is a backup with all folders, but no files from onedrive4business.
I don't find the official docs good enough, or I'm missing one vital part..
What I've done:
- App registration in azure ad with api permissions (Directory.Read.All, Group Read.All). I even added Sharepoint access: Site.Manage.All, TeamStore.ReadWrite.All, User.ReadWrite.All
- created a "service user" in azure ad, given it ownership of app reg'ed, and enabled mfa. For this service user i had to log into o365portal and use my own phone and email? That doesn't seem right in my book.. is that the only way to get a "service user" with MFA? I end up using app passwords anyway for the backup setup..?
First I'm only focusing on Sharepoint and Onedrive backup, so I've skipped ApplicationImpersonation role etc the doc talks about.. I gave the user SharePoint Administrator role though.
First time it seemed to work, but I only got folder backups as mentioned, no files.. second try errors, or if I try to re-register my organisation (edit) I get errors about Powershell cmdlets:
Failed to execute cmdlet: Get-OrganizationConfig
Failed to execute cmdlet: Get-ManagementRoleAssignment
I don't find the official docs good enough, or I'm missing one vital part..
What I've done:
- App registration in azure ad with api permissions (Directory.Read.All, Group Read.All). I even added Sharepoint access: Site.Manage.All, TeamStore.ReadWrite.All, User.ReadWrite.All
- created a "service user" in azure ad, given it ownership of app reg'ed, and enabled mfa. For this service user i had to log into o365portal and use my own phone and email? That doesn't seem right in my book.. is that the only way to get a "service user" with MFA? I end up using app passwords anyway for the backup setup..?
First I'm only focusing on Sharepoint and Onedrive backup, so I've skipped ApplicationImpersonation role etc the doc talks about.. I gave the user SharePoint Administrator role though.
First time it seemed to work, but I only got folder backups as mentioned, no files.. second try errors, or if I try to re-register my organisation (edit) I get errors about Powershell cmdlets:
Failed to execute cmdlet: Get-OrganizationConfig
Failed to execute cmdlet: Get-ManagementRoleAssignment
-
- VP, Product Management
- Posts: 27377
- Liked: 2800 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)
Hi Christopher,
Not sure if you've seen that or not, but this KB article should give you a bit more info on that: https://www.veeam.com/kb2969
Let me know if that helps!
Not sure if you've seen that or not, but this KB article should give you a bit more info on that: https://www.veeam.com/kb2969
Let me know if that helps!
-
- Veeam Software
- Posts: 3195
- Liked: 774 times
- Joined: Oct 21, 2011 11:22 am
- Full Name: Polina Vasileva
- Contact:
Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)
For setting up an account, you may also want to check this article.
It's worth to ensure that when editing your organization you've only selected SharePoint service (no Exchange), if for now, you're only looking to protect SharePoint/OneDrive.
Files in the backup could be missing if your repository is set up with the Item-level retention and if your items' modification date is older than the retention period specified. Please check out our blog and these discussions for more details:
veeam-backup-for-microsoft-office-365-f ... 58862.html
veeam-backup-for-microsoft-office-365-f ... 57105.html
It's worth to ensure that when editing your organization you've only selected SharePoint service (no Exchange), if for now, you're only looking to protect SharePoint/OneDrive.
Files in the backup could be missing if your repository is set up with the Item-level retention and if your items' modification date is older than the retention period specified. Please check out our blog and these discussions for more details:
veeam-backup-for-microsoft-office-365-f ... 58862.html
veeam-backup-for-microsoft-office-365-f ... 57105.html
-
- Influencer
- Posts: 11
- Liked: never
- Joined: Jul 10, 2019 1:54 pm
- Full Name: Christopher T
- Contact:
Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)
Thanks.. some good info. I deleted my azure registered app and user, and started from scratch.
App registered and secret created. API permissions added with Directory.Read.All and Group.Read.All.
User created, with MFA. User given Sharepoint Administrator role. User has app password. Using all this to connect with modern auth.Only check Sharepoint and OneDrive.
The three first cheks fine (Connects to MS Graph, Connect to Powershell, Check SharePoint plan)
4th and 5th fails, and 6th and 7th pass.
4th Check Required cmdlets access: Failed to execute cmdlet: Get-OrganizationConfig
5th Check Read-Only Recipients role: Failed to execute cmdlet: Get-ManagementRoleAssignment
I'd like to add that my first attempt two weeks ago I only tried Sharepoint at first. A couple of days later I tried with Exchange too. And it worked.. at that time I used my global admin user. So I want(ed) to use a "service user" instead and now I'm stuck in this powershell error (permissions missing I gather..).
These errors are Exchange checks/needed for exchange online backup from what I gather.. why does it bother me? Is it because "activated" it earlier when I backed up with my global admin user?
I see the KB that Vitaliy S. mentions above, and I gather I need to give the user AllowBasicAuthPowershell and AllowBasicAuthWebServices permissions. But how do I do that?
I'm a big Azure noob.. Oh, and I'm just trying this out in a azure test/demo account a colleague of mine has. Want to get the hang of it before I touch/get help with production account(s).
I appreciate the help so far.. just need a litte nudge to get to the finish line now
App registered and secret created. API permissions added with Directory.Read.All and Group.Read.All.
User created, with MFA. User given Sharepoint Administrator role. User has app password. Using all this to connect with modern auth.Only check Sharepoint and OneDrive.
The three first cheks fine (Connects to MS Graph, Connect to Powershell, Check SharePoint plan)
4th and 5th fails, and 6th and 7th pass.
4th Check Required cmdlets access: Failed to execute cmdlet: Get-OrganizationConfig
5th Check Read-Only Recipients role: Failed to execute cmdlet: Get-ManagementRoleAssignment
I'd like to add that my first attempt two weeks ago I only tried Sharepoint at first. A couple of days later I tried with Exchange too. And it worked.. at that time I used my global admin user. So I want(ed) to use a "service user" instead and now I'm stuck in this powershell error (permissions missing I gather..).
These errors are Exchange checks/needed for exchange online backup from what I gather.. why does it bother me? Is it because "activated" it earlier when I backed up with my global admin user?
I see the KB that Vitaliy S. mentions above, and I gather I need to give the user AllowBasicAuthPowershell and AllowBasicAuthWebServices permissions. But how do I do that?
I'm a big Azure noob.. Oh, and I'm just trying this out in a azure test/demo account a colleague of mine has. Want to get the hang of it before I touch/get help with production account(s).
I appreciate the help so far.. just need a litte nudge to get to the finish line now
-
- Veeam Software
- Posts: 3195
- Liked: 774 times
- Joined: Oct 21, 2011 11:22 am
- Full Name: Polina Vasileva
- Contact:
Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)
Christopher,
My apologies, I've overlooked something important in your first message: to fix the problem you need to assign the View-only Configuration and View-only Recipients roles to your service account as well (check the note in the user guide).
These two roles are needed regardless of the service you're going to protect in order to get the correct information on licensing, group accounts and so on.
My apologies, I've overlooked something important in your first message: to fix the problem you need to assign the View-only Configuration and View-only Recipients roles to your service account as well (check the note in the user guide).
These two roles are needed regardless of the service you're going to protect in order to get the correct information on licensing, group accounts and so on.
-
- Influencer
- Posts: 11
- Liked: never
- Joined: Jul 10, 2019 1:54 pm
- Full Name: Christopher T
- Contact:
Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)
I have to say I somehow overlooked that. But how/where do I find/set those roles on my service account? In azure portal? sharepoint admin portal? office365 portal? (i'm portal'ed out :p)
-
- Influencer
- Posts: 11
- Liked: never
- Joined: Jul 10, 2019 1:54 pm
- Full Name: Christopher T
- Contact:
Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)
So I found a role in ECP (Exchange Control Panel/Admin Center) called "View-Only Organization Management" with 'View-Only Configuration' and 'View-Only Recipients'. Is it this one? I added my user to the role but, but still get the Powershell cmdlet errors trying to connect. Is it the right one? (I'm only trying to get sharepoint/OneDrive at the moment)
-
- Influencer
- Posts: 11
- Liked: never
- Joined: Jul 10, 2019 1:54 pm
- Full Name: Christopher T
- Contact:
Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)
Seems it took a while for those last permissions to come into effect.. I finally got past the powershell errors. (I was hoping for this, reading somewhere it could take 15-60 minutes).
Woohoo! Did a small OneDrive backup test and sure thing, the files showed up in the explorer
And I found another blog article that would probably have worked using PowerShell. But I really wanted it to work via webUI, which it now did.
Thanks for staying with me.
Woohoo! Did a small OneDrive backup test and sure thing, the files showed up in the explorer
And I found another blog article that would probably have worked using PowerShell. But I really wanted it to work via webUI, which it now did.
Thanks for staying with me.
-
- Veeam Software
- Posts: 3195
- Liked: 774 times
- Joined: Oct 21, 2011 11:22 am
- Full Name: Polina Vasileva
- Contact:
Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)
Hi Christopher,
I'm glad it worked out for you )
When applying new roles and policies, it takes time to sync changes across the tenant (in my experience, it could take 24+ hours).
Assigning new roles in O365 can be a bit of a challenge - in case you will ever need to do this again, check out this doc how to quickly set it up via the Admin Center UI or PowerShell. Hope it helps!
I'm glad it worked out for you )
When applying new roles and policies, it takes time to sync changes across the tenant (in my experience, it could take 24+ hours).
Assigning new roles in O365 can be a bit of a challenge - in case you will ever need to do this again, check out this doc how to quickly set it up via the Admin Center UI or PowerShell. Hope it helps!
Who is online
Users browsing this forum: No registered users and 11 guests