Maintain control of your Microsoft 365 data
Post Reply
kunniyoor
Enthusiast
Posts: 33
Liked: never
Joined: Mar 15, 2015 6:47 am
Full Name: Krishnakuamr
Contact:

[Feature Request] User access restriction at VBM365 console level

Post by kunniyoor »

Hi
Unfortunately veeam is not supporting application level user restriction. Because of that whoever RDP to the VBM365 server can access the console and able to read or take out sensitive emails. Can veeam consider "user access restriction at VBM365 console level rather restrict at server level using group policy"?.

Thanks

BR
Krish
Mildur
Product Manager
Posts: 9848
Liked: 2607 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Feature Request - User access restriction at VBM365 console level

Post by Mildur »

Hi Krish

Thanks for the request.
Someone with administrative windows permission on the VBR server can always find a way to give himself admin permission in an application.

I suggest using the restore portal for doing the restores, while restricting access to the VB365 server itself to a few trusted people. We have RBAC roles within the Restore Portal. The content of an item cannot be accessed in the portal.
Addionally, activate audit logging for these sensitive mailboxes. You will get an email when they are accessed over the VB365 console & explorers:
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=60
https://community.veeam.com/blogs-and-p ... ration-344

Thanks
Fabian
Product Management Analyst @ Veeam Software
Mike Resseler
Product Manager
Posts: 8191
Liked: 1322 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Feature Request - User access restriction at VBM365 console level

Post by Mike Resseler »

Hi Krish,

On top of what Fabian says, if we would implement this, would it then be OK that the backup admin cannot get to the console through RDP. Meaning, he or she would need to login from his laptop/ desktop or jump box and login to some sort of web-based console. Also, I would consider this a possibility for day-to-day tasks. Big config changes would still need to happen in the desktop UI. Thoughts?
kunniyoor
Enthusiast
Posts: 33
Liked: never
Joined: Mar 15, 2015 6:47 am
Full Name: Krishnakuamr
Contact:

Re: [Feature Request] User access restriction at VBM365 console level

Post by kunniyoor »

@Fabian, Thanks for the recommendations. Will try restore portal option with audit logging and see if that is fesibale and convinient for the end customer.

@Mike you nailed it.. yes, kind of web-based console access can be a better option for day-to-day task. Further, the user who RDP to VBM server has full visiblity of all users email content, which is serious breach. hope through web- based console we can provide better management and secure access.

Thanks

BR
Krish
Post Reply

Who is online

Users browsing this forum: No registered users and 7 guests