Home > Microsoft > Configure App Profiles or Service Account Profiles > Configure App Profiles for Default Service Apps > Cloud Backup for Microsoft 365
Export to PDFCloud Backup for Microsoft 365
Instructions….
Refer to the following sections to see the API permissions that should be accepted when you consent to the corresponding apps.
Cloud Backup for Microsoft 365 (All Permissions)
When you create a Cloud Backup for Microsoft 365 (All permissions) app profile in AvePoint Online Services, the AvePoint Cloud Backup forMicrosoft365 (All Permissions) app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint Cloud Backup forMicrosoft365 (All Permissions) app.
| API | Permission | Type | Purpose |
|---|---|---|---|
| Microsoft Graph | TeamSettings.ReadWrite.All(Read and change all teams' settings) | Application | Back up and restore teams’ settings. |
| Microsoft Graph | TeamsTab.ReadWrite.All (Read and write tabs in Microsoft Teams) | Application | Back up and restore teams’ tabs. |
| Microsoft Graph | Sites.ReadWrite.All(Read and write items in all site collections) | Application | Back up and restore Microsoft Teams and Microsoft 365 Groups team sites data. |
| Microsoft Graph | Team.Create(Create teams ) | Application | Restore teams. |
| Microsoft Graph | Group.ReadWrite.All (Read and write all groups) | Application | Scan Microsoft 365 Groups via Auto Discovery.Back up and restore Microsoft Teams and Microsoft 365 Groups data. |
| Microsoft Graph | Sites.Manage.All (Create, edit, and delete items and lists in all site collections) | Application | Back up and restore the lists in OneDrive, and it is required if the SharePoint list has content approval settings enabled. |
| Microsoft Graph | Files.ReadWrite.All (Read and write files in all site collections) | Application | Back up and restore the OneDrive files. |
| Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve information for the members of Groups/Teams.Retrieve the Groups from recycle bin. |
| Microsoft Graph | User.Read.All (Read all users' full profiles) | Application | Retrieve the Microsoft 365 Users’ user profiles. |
| Microsoft Graph | TeamMember.ReadWrite.All (Add and remove members from all teams) | Application | Back up and restore teams’ members. |
| Microsoft Graph | Chat.Read.All (Read all chat messages) | Application | Back up the Teams chat messages. |
| Microsoft Graph | ChannelMessage.Read.All (Read all channel messages) | Application | Back up and restore the members and messages of the Team’s private channels. |
| Microsoft Graph | TeamsAppInstallation.ReadWriteForTeam.All (Manage Teams apps for all teams) | Application | Back up and restore teams’ apps. |
| Microsoft Graph | ChannelMember.ReadWrite.All (Add and remove members from all channels) | Application | Back up and restore the members and messages of the Team’s private channels. |
| Microsoft Graph | Tasks.ReadWrite.All (Read and write all users’ tasks and task lists) | Application | Back up and restore Planner data. |
| Microsoft Graph | ChannelSettings.ReadWrite.All (Read and write the names, descriptions, and settings of all channels) | Application | Retrieve channel information for the data protection of Teams service. |
| Microsoft Graph | Channel.Create (Create channels) | Application | Restore teams’ channels. |
| Microsoft Graph | Sites.FullControl.All (Have full control of all site collections) | Application | Back up and restore site collections. |
| Microsoft Graph | Reports.Read.All (Read all usage reports) | Application | Retrieve data size directly to improve the efficiency of Subscription Consumption Report. |
| Office 365 Exchange Online | full_access_as_app (Use Exchange Web Services with full access to all mailboxes) | Application | Back up and restore mailboxes. |
| Office 365 Exchange Online | Exchange.ManageAsApp (Manage Exchange As Application) | Application | Scan in-place archived mailboxes. |
| SharePoint/Office 365 SharePoint Online | User.ReadWrite.All (Read and write user profiles) | Application | Back up and restore Microsoft 365 user profiles related information in sites. |
| SharePoint/Office 365 SharePoint Online | TermStore.ReadWrite.All (Read and write managed metadata) | Application | Back up and restore Managed Metadata Service. |
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All (Have full control of all site collections) | Application | Back up and restore site collections. |
Cloud Backup for Microsoft 365 (Exchange Permissions)
When you create a Cloud Backup for Microsoft 365 (Exchange permissions) app profile in AvePoint Online Services, the AvePoint Cloud Backup forMicrosoft365 (Exchange Permissions) app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint Cloud Backup for Microsoft365 (Exchange Permissions) app.
| API | Permission | Type | Purpose |
|---|---|---|---|
| Office 365 Exchange Online | full_access_as_app(Use Exchange Web Services with full access to all mailboxes) | Application | Scan, back up, and restore mailboxes. |
| Office 365 Exchange Online | Exchange.ManageAsApp(Manage Exchange As Application) | Application | Scan in-place archived mailboxes. |
| Windows Azure Active Directory | User.Read(Sign in and read user profile) | Delegated | Support signing into Cloud Backup for Microsoft 365 with Microsoft 365 accounts. |
| Microsoft Graph | MailboxSettings.Read(Read all user mailbox settings) | Application | Scan Exchange Online mailboxes. |
| Microsoft Graph | Directory.Read.All(Read directory data) | Application | Retrieve your Microsoft 365 tenant information. |
| Microsoft Graph | User.Read.All(Read all users' full profiles) | Application | Verify the impersonation accounts for Public Folders. |
| Microsoft Graph | Reports.Read.All(Read all usage reports) | Application | Retrieve data size directly, which improves the efficiency of the Subscription Report. |
Cloud Backup for Microsoft 365 (SharePoint Permissions)
When you create a Cloud Backup for Microsoft 365 (SharePoint permissions) app profile in AvePoint Online Services, the AvePoint Cloud Backup forMicrosoft365 (SharePoint Permissions) app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint Cloud Backup for Microsoft365 (SharePoint Permissions) app.
| API | Permission | Type | Purpose |
|---|---|---|---|
| Microsoft Graph | Sites.ReadWrite.All(Read and write items in all site collections) | Application | Back up and restore the OneDrive content. |
| Microsoft Graph | Sites.Manage.All(Create, edit, and delete items and lists in all site collections) | Application | Back up and restore the lists in OneDrive, and it is required if the SharePoint list has content approval settings enabled. |
| Microsoft Graph | Files.ReadWrite.All(Read and write files in all site collections) | Application | Back up and restore the OneDrive files. |
| Microsoft Graph | Directory.Read.All(Read directory data) | Application | Retrieve your Microsoft 365 tenant information. |
| Microsoft Graph | User.Read.All(Read all users' full profiles) | Application | Retrieve the UPN for the authors or editors. |
| Microsoft Graph | Sites.FullControl.All(Have full control of all site collections) | Application | Back up some files in specific conditions, such as DLP-sensitive files. |
| Microsoft Graph | Reports.Read.All(Read all usage reports) | Application | Retrieve data size directly, which improves the efficiency of the Subscription Consumption Report. |
| Microsoft Information Protection Sync Service | UnifiedPolicy.Tenant.Read(Read all unified policies of the tenant) | Application | Retrieve information of published sensitivity labels from Microsoft 365. |
| Office 365 Management APIs | ActivityFeed.Read(Read activity data for your organization) | Application | Retrieve activity data in your organization to generate reports. |
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All(Have full control of all site collections) | Application | Retrieve information of SharePoint Online site collections that are scanned by auto discovery. |
| SharePoint/Office 365 SharePoint Online | User.ReadWrite.All(Read and write user profiles) | Application | Retrieve information of Microsoft 365 user profiles related to OneDrive that are scanned by auto discovery. |
| SharePoint/Office 365 SharePoint Online | TermStore.ReadWrite.All(Read and write managed metadata) | Application | Back up and restore Managed Metadata Service of SharePoint Online site collections and Microsoft 365 Group team sites. |
| Windows Azure Active Directory | User.Read (Sign in and read user profile) | Delegated | Support signing into Cloud Backup for Microsoft 365 with Microsoft 365 accounts. |
Cloud Backup Express
When you create a Cloud Backup Express app profile in AvePoint Online Services, the AvePoint Cloud Backup Express app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint Cloud Backup Express app.
*Note: When creating the Cloud Backup Express app profile, the consent user must be a Microsoft 365 Global Administrator. To re-authorize the Cloud Backup Express app, the consent us must have the Microsoft 365 Backup Administrator role.
| API | Permission | Type | Purpose |
|---|---|---|---|
| Office 365 Exchange Online | Exchange.ManageAsApp(Manage Exchange as Application) | Application | Scan mailboxes. |
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All(Have full control of all site collections) | Application | Scan SharePoint Online site collections. |
| SharePoint/Office 365 SharePoint Online | User.Read.All(Read all users' full profiles) | Application | Retrieve the Microsoft 365 Users’ user profiles. |
| Microsoft Graph | BackupRestore-Configuration.ReadWrite.All(Read and edit all backup configuration policies) | Application | Update backup settings and trigger backup jobs in Microsoft 365. |
| Microsoft Graph | BackupRestore-Restore.ReadWrite.All(Read all restore sessions and start restore sessions from backups) | Application | Perform data recovery. |
| Microsoft Graph | BackupRestore-Search.Read.All(Search for metadata properties in all backup snapshots) | Application | Retrieve recovery points. |
| Microsoft Graph | Directory.Read.All(Read directory data) | Application | Retrieve users and Groups. |
| Microsoft Graph | User.Read.All(Read all users' full profiles) | Application | Read and list users for the sync of recovery points. |
| Microsoft Graph | Sites.Read.All(Read items in all site collections) | Application | Read and list sites for the sync of recovery points. |
| Microsoft Graph | Group.Read.All(Read all groups) | Application | Scan Microsoft 365 Groups and Teams. |
| Microsoft Graph | Reports.Read.All(Read all usage reports) | Application | Retrieve Microsoft 365 data size. |
| Microsoft Graph | BackupRestore-Control.ReadWrite.All(Manage backup controller) | Delegated | Manage app for bill consuming and enable backup service. |
On this page