-
- Veteran
- Posts: 948
- Liked: 53 times
- Joined: Nov 05, 2009 12:24 pm
- Location: Sydney, NSW
- Contact:
Does the Veeam Backup for Microsoft 365 uses Global Administrator as the service account?
Hi Team,
Does the Veeam Backup for Microsoft 365 leverage the Managed Identity or still use the Global Administrator account to authenticate as the service account to backup and restore M365 objects?
I've searched through:
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=70
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=70
But cannot find anything mentioning using managed identity either.
If not required, what will be the minimum roles or privileges required?
Thank you in advance.
Does the Veeam Backup for Microsoft 365 leverage the Managed Identity or still use the Global Administrator account to authenticate as the service account to backup and restore M365 objects?
I've searched through:
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=70
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=70
But cannot find anything mentioning using managed identity either.
If not required, what will be the minimum roles or privileges required?
Thank you in advance.
--
/* Veeam software enthusiast user & supporter ! */
/* Veeam software enthusiast user & supporter ! */
-
- Product Manager
- Posts: 10170
- Liked: 2715 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Does the Veeam Backup for Microsoft 365 uses Global Administrator as the service account?
Hi Albert
Required permissions are documented in the user guide:
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=70
Global administrator permission is only required once to automatically register and configure the backup application.
After you have configured the tenant in the backup console, you can change the username to any account available in your tenant. No credentials (password) will be stored. No special permissions required.
But there is one exception when you protect public folder backups. Make sure this user has a mailbox and has owner permission on all public folders (it's documented in the user guide as well)

Best,
Fabian
Required permissions are documented in the user guide:
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=70
Global administrator permission is only required once to automatically register and configure the backup application.
After you have configured the tenant in the backup console, you can change the username to any account available in your tenant. No credentials (password) will be stored. No special permissions required.
But there is one exception when you protect public folder backups. Make sure this user has a mailbox and has owner permission on all public folders (it's documented in the user guide as well)

Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Veteran
- Posts: 948
- Liked: 53 times
- Joined: Nov 05, 2009 12:24 pm
- Location: Sydney, NSW
- Contact:
Re: Does the Veeam Backup for Microsoft 365 uses Global Administrator as the service account?
Wow, that's great, so is this service account using some sort of secrets that must or can be rotated regularly?
--
/* Veeam software enthusiast user & supporter ! */
/* Veeam software enthusiast user & supporter ! */
-
- Product Manager
- Posts: 10170
- Liked: 2715 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Does the Veeam Backup for Microsoft 365 uses Global Administrator as the service account?
We do not store any secrets or credentials of this user account in the configuration database.
Veeam Backup for Microsoft 365 uses certificates to authenticate against the app. You can find them in the Local Machine - Certificate store of your VB365 backup server.
Our M365 organization wizard will create a certificate which is valid for 10 years. If you like, you can replace this certificate on a shorter interval.
Best,
Fabian
Veeam Backup for Microsoft 365 uses certificates to authenticate against the app. You can find them in the Local Machine - Certificate store of your VB365 backup server.
Our M365 organization wizard will create a certificate which is valid for 10 years. If you like, you can replace this certificate on a shorter interval.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Veteran
- Posts: 948
- Liked: 53 times
- Joined: Nov 05, 2009 12:24 pm
- Location: Sydney, NSW
- Contact:
Re: Does the Veeam Backup for Microsoft 365 uses Global Administrator as the service account?
Thank you, Fabian !
--
/* Veeam software enthusiast user & supporter ! */
/* Veeam software enthusiast user & supporter ! */
-
- Novice
- Posts: 3
- Liked: never
- Joined: Feb 11, 2025 6:13 pm
- Full Name: harris kelaidis
- Contact:
Re: Does the Veeam Backup for Microsoft 365 uses Global Administrator as the service account?
Hello I need also your help about 365 backup. We need to take backup of an amount of emails account that are under a very big tenant. The owner of the tenant not want to give to us the global admin because after that we will see all the email tree and not only the specific amount of mails we need to have access. How can we accomplish this?
-
- Veeam Legend
- Posts: 435
- Liked: 122 times
- Joined: Apr 22, 2022 12:14 pm
- Full Name: Danny de Heer
- Contact:
Re: Does the Veeam Backup for Microsoft 365 uses Global Administrator as the service account?
You can onboard the tenant, let the owner authenticate the devicecode, and then onboard the rest.
However, there is no way, as far as I know, that will prevent you to backup all (other) mail accounts and just browse the mail in the backup.
Backup administrators are kind of the same as janitors in a building, they have access to everything even when there is no one around.
There has to be some level of trust there, and a NDA
However, there is no way, as far as I know, that will prevent you to backup all (other) mail accounts and just browse the mail in the backup.
Backup administrators are kind of the same as janitors in a building, they have access to everything even when there is no one around.
There has to be some level of trust there, and a NDA

VMCE / Veeam Legend 2*
-
- Lurker
- Posts: 2
- Liked: never
- Joined: Aug 10, 2021 1:27 pm
- Full Name: Michael Buchser
- Location: Switzerland
- Contact:
Re: Does the Veeam Backup for Microsoft 365 uses Global Administrator as the service account?
For creating Organizations/Backup jobs, global admin is only once used to register the app.
However, for restoring of Teams and Sharepoint Objects, you will still need accounts with appropriate rights. Certificate based (app-) authentication is only supported for restoring Exchange objects.
However, for restoring of Teams and Sharepoint Objects, you will still need accounts with appropriate rights. Certificate based (app-) authentication is only supported for restoring Exchange objects.
Who is online
Users browsing this forum: No registered users and 17 guests