Home > Required Permissions > App Profile Authentication > Required Permissions of AvePoint Cloud Backup Express App
Export to PDFRequired Permissions of AvePoint Cloud Backup Express App
To protect Exchange Online mailboxes, SharePoint Online site collections, OneDrive, Team sites and Group sites with AvePoint Cloud Backup Express, you must configure a Cloud Backup Express service app for the Auto discovery and data protection.
When consenting to the Cloud Backup Express app profile, the authentication user must be a Microsoft 365 Global Administrator. To re-authorize the Cloud Backup Express app, the authentication user who provides consent to the app must have the Microsoft 365 Backup Administrator role.
Refer to the table below for the API permission requirement for AvePoint Cloud Backup Express app.
| API | Permission | Type | Why do we need it? |
|---|---|---|---|
| Office 365 Exchange Online | Exchange.ManageAsApp(Manage Exchange as Application) | Application | Scan mailboxes. |
| Office 365 SharePoint Online | Sites.FullControl.All(Have full control of all site collections) | Application | Scan SharePoint Online site collections. |
| Office 365 SharePoint Online | User.Read.All(Read all users' full profiles) | Application | Retrieve the Microsoft 365 Users’ user profiles. |
| Microsoft Graph | BackupRestore-Configuration.ReadWrite.All(Read and edit all backup configuration policies) | Application | Update backup settings and trigger backup jobs in Microsoft 365. |
| Microsoft Graph | BackupRestore-Restore.ReadWrite.All(Read all restore sessions and start restore sessions from backups) | Application | Perform data recovery. |
| Microsoft Graph | BackupRestore-Search.Read.All(Search for metadata properties in all backup snapshots) | Application | Retrieve recovery points. |
| Microsoft Graph | Directory.Read.All(Read directory data) | Application | Retrieve users and Groups. |
| Microsoft Graph | Group.Read.All(Read all groups) | Application | Scan Microsoft 365 Groups and Teams. |
| Microsoft Graph | Reports.Read.All(Read all usage reports) | Application | Retrieve Microsoft 365 data size. |
| Microsoft Graph | Sites.Read.All(Read items in all site collections) | Application | Read and list sites for the sync of recovery points. |
| Microsoft Graph | User.Read.All(Read all users' full profiles) | Application | Read and list users for the sync of recovery points. |
| Microsoft Graph | BackupRestore-Control.ReadWrite.All(Manage backup controller) | Delegated | Manage app for bill consuming and enable backup service. |
On this page