Maintain control of your Microsoft Office 365 email data
Post Reply
Joffer
Novice
Posts: 5
Liked: never
Joined: Jul 10, 2019 1:54 pm
Full Name: Christopher T
Contact:

Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)

Post by Joffer » Jul 11, 2019 5:03 pm

Is there any good blogs or docs for setting up the permissions and such in Azure/Office 365 portal to get Veeam Backup for Microsoft Office 365 working? I feel I'm missing something.. the best I've got is a backup with all folders, but no files from onedrive4business.

I don't find the official docs good enough, or I'm missing one vital part..

What I've done:
- App registration in azure ad with api permissions (Directory.Read.All, Group Read.All). I even added Sharepoint access: Site.Manage.All, TeamStore.ReadWrite.All, User.ReadWrite.All
- created a "service user" in azure ad, given it ownership of app reg'ed, and enabled mfa. For this service user i had to log into o365portal and use my own phone and email? That doesn't seem right in my book.. is that the only way to get a "service user" with MFA? I end up using app passwords anyway for the backup setup..?

First I'm only focusing on Sharepoint and Onedrive backup, so I've skipped ApplicationImpersonation role etc the doc talks about.. I gave the user SharePoint Administrator role though.

First time it seemed to work, but I only got folder backups as mentioned, no files.. second try errors, or if I try to re-register my organisation (edit) I get errors about Powershell cmdlets:
Failed to execute cmdlet: Get-OrganizationConfig
Failed to execute cmdlet: Get-ManagementRoleAssignment

Vitaliy S.
Product Manager
Posts: 22747
Liked: 1518 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)

Post by Vitaliy S. » Jul 11, 2019 5:48 pm

Hi Christopher,

Not sure if you've seen that or not, but this KB article should give you a bit more info on that: https://www.veeam.com/kb2969

Let me know if that helps!

Polina
Veeam Software
Posts: 783
Liked: 108 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)

Post by Polina » Jul 11, 2019 5:59 pm

For setting up an account, you may also want to check this article.

It's worth to ensure that when editing your organization you've only selected SharePoint service (no Exchange), if for now, you're only looking to protect SharePoint/OneDrive.

Files in the backup could be missing if your repository is set up with the Item-level retention and if your items' modification date is older than the retention period specified. Please check out our blog and these discussions for more details:
veeam-backup-for-microsoft-office-365-f ... 58862.html
veeam-backup-for-microsoft-office-365-f ... 57105.html

Joffer
Novice
Posts: 5
Liked: never
Joined: Jul 10, 2019 1:54 pm
Full Name: Christopher T
Contact:

Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)

Post by Joffer » Jul 11, 2019 11:54 pm

Thanks.. some good info. I deleted my azure registered app and user, and started from scratch.
App registered and secret created. API permissions added with Directory.Read.All and Group.Read.All.
User created, with MFA. User given Sharepoint Administrator role. User has app password. Using all this to connect with modern auth.Only check Sharepoint and OneDrive.

The three first cheks fine (Connects to MS Graph, Connect to Powershell, Check SharePoint plan)
4th and 5th fails, and 6th and 7th pass.

4th Check Required cmdlets access: Failed to execute cmdlet: Get-OrganizationConfig
5th Check Read-Only Recipients role: Failed to execute cmdlet: Get-ManagementRoleAssignment

I'd like to add that my first attempt two weeks ago I only tried Sharepoint at first. A couple of days later I tried with Exchange too. And it worked.. at that time I used my global admin user. So I want(ed) to use a "service user" instead and now I'm stuck in this powershell error (permissions missing I gather..).

These errors are Exchange checks/needed for exchange online backup from what I gather.. why does it bother me? Is it because "activated" it earlier when I backed up with my global admin user?

I see the KB that Vitaliy S. mentions above, and I gather I need to give the user AllowBasicAuthPowershell and AllowBasicAuthWebServices permissions. But how do I do that?

I'm a big Azure noob.. Oh, and I'm just trying this out in a azure test/demo account a colleague of mine has. Want to get the hang of it before I touch/get help with production account(s).

I appreciate the help so far.. just need a litte nudge to get to the finish line now :)

Polina
Veeam Software
Posts: 783
Liked: 108 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)

Post by Polina » Jul 12, 2019 10:17 am

Christopher,

My apologies, I've overlooked something important in your first message: to fix the problem you need to assign the View-only Configuration and View-only Recipients roles to your service account as well (check the note in the user guide).

These two roles are needed regardless of the service you're going to protect in order to get the correct information on licensing, group accounts and so on.

Joffer
Novice
Posts: 5
Liked: never
Joined: Jul 10, 2019 1:54 pm
Full Name: Christopher T
Contact:

Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)

Post by Joffer » Jul 12, 2019 4:24 pm

I have to say I somehow overlooked that. But how/where do I find/set those roles on my service account? In azure portal? sharepoint admin portal? office365 portal? (i'm portal'ed out :p)

Joffer
Novice
Posts: 5
Liked: never
Joined: Jul 10, 2019 1:54 pm
Full Name: Christopher T
Contact:

Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)

Post by Joffer » Jul 12, 2019 5:57 pm

So I found a role in ECP (Exchange Control Panel/Admin Center) called "View-Only Organization Management" with 'View-Only Configuration' and 'View-Only Recipients'. Is it this one? I added my user to the role but, but still get the Powershell cmdlet errors trying to connect. Is it the right one? (I'm only trying to get sharepoint/OneDrive at the moment)

Joffer
Novice
Posts: 5
Liked: never
Joined: Jul 10, 2019 1:54 pm
Full Name: Christopher T
Contact:

Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)

Post by Joffer » Jul 12, 2019 7:03 pm

Seems it took a while for those last permissions to come into effect.. I finally got past the powershell errors. (I was hoping for this, reading somewhere it could take 15-60 minutes).

Woohoo! Did a small OneDrive backup test and sure thing, the files showed up in the explorer :)

And I found another blog article that would probably have worked using PowerShell. But I really wanted it to work via webUI, which it now did.

Thanks for staying with me.

Polina
Veeam Software
Posts: 783
Liked: 108 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: Any setup guide for Veeam Backup for Microsoft Office 365 (azure/o365)

Post by Polina » Jul 15, 2019 11:02 am

Hi Christopher,

I'm glad it worked out for you )
When applying new roles and policies, it takes time to sync changes across the tenant (in my experience, it could take 24+ hours).

Assigning new roles in O365 can be a bit of a challenge - in case you will ever need to do this again, check out this doc how to quickly set it up via the Admin Center UI or PowerShell. Hope it helps!

Post Reply

Who is online

Users browsing this forum: No registered users and 8 guests