Maintain control of your Microsoft Office 365 email data
Post Reply
Denis I
Veeam Software
Posts: 12
Liked: never
Joined: May 05, 2014 2:49 pm
Full Name: Denis Ishchishin
Contact:

Restrict Backup Admin Scope in Org

Post by Denis I » Aug 24, 2018 11:57 am

Hi guys,

Is there a way to restrict org admin scope so that he can backup only some users/o365 groups?

Thanks!

tsanfilipp
Influencer
Posts: 23
Liked: never
Joined: Sep 19, 2016 3:49 pm
Full Name: Tim S
Contact:

Re: Restrict Backup Admin Scope in Org

Post by tsanfilipp » Aug 24, 2018 8:27 pm

I second this. There needs to be some kind of user access control list so that you can apply some level of security to the program.

Polina
Veeam Software
Posts: 785
Liked: 108 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: Restrict Backup Admin Scope in Org

Post by Polina » Aug 27, 2018 3:29 pm

Denis, Tim,

Are you specifically concerned in controlling an access for backing up data, or in restricting an ability to preview backed up data?

Denis I
Veeam Software
Posts: 12
Liked: never
Joined: May 05, 2014 2:49 pm
Full Name: Denis Ishchishin
Contact:

Re: Restrict Backup Admin Scope in Org

Post by Denis I » Aug 28, 2018 7:17 am

Hi Polina,

For backup. As for preview restriction, it would not mitigate security issues as I can explore any created backup anyway.

I know the current version of Veeam Backup for O365 does not allow for scope restrictions on its side.
I rather wonder if we could somehow limit admin rights on O365 side.

Thanks.

Polina
Veeam Software
Posts: 785
Liked: 108 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: Restrict Backup Admin Scope in Org

Post by Polina » Sep 12, 2018 2:18 pm

Denis,

My apologies for the such a late response; however, I believe that later is better than never.

Can you limit admin rights on the O365 side? Yes, that's possible. To restrict backup access to certain SharePoint sites or OneDrive accounts, you can grant SharePoint site collection administrator permissions to the required sites via SharePoint Online admin center, and also uncheck SharePoint Server checkmark on the Add Organization step in VBO. Exchange Online backup can be controlled by configuring impersonation (setting up for an admin the scope of users allowed for backup).

Denis I
Veeam Software
Posts: 12
Liked: never
Joined: May 05, 2014 2:49 pm
Full Name: Denis Ishchishin
Contact:

Re: Restrict Backup Admin Scope in Org

Post by Denis I » Sep 17, 2018 11:01 am

hi Polina, thanks for reply.

My two cents here. for Exchange online, when configuring impersonation for a limited nb of users you have to create appropriate Management Scope first. this mecanism looks to have quite flexible options, among them OU based filtering and much more. more infos on Management Scopes here:
https://technet.microsoft.com/en-us/lib ... .150).aspx
https://docs.microsoft.com/en-us/powers ... xchange-ps
I will post update here if we move forward with a specific implementation and get more details.

Polina
Veeam Software
Posts: 785
Liked: 108 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: Restrict Backup Admin Scope in Org

Post by Polina » Sep 18, 2018 2:41 pm

Thanks, Denis! Please keep us posted on the results.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest