Microsoft 365 Permissions for Druva App
Overview
This article helps you understand the permissions that Druva requires to backup and restore your Microsoft 365 data.
To know about how and where you need to give these permissions to authorize Druva, check this article; Configure Druva inSync for Microsoft 365.
To begin with, Druva requires both these permission types: application permissions and delegated permissions.
Application: This will allow applications in Azure Active Directory (Azure AD) to perform actions using admin-driven consent.
Delegated: This will allow applications in Azure AD to perform actions on behalf of a particular user.
For more information, see Microsoft Graph Permissions.
Microsoft Graph
The following table explains the permissions required to use the Microsoft Graph APIs:
| # | Permission | Type | Purpose |
|---|---|---|---|
| 1. |
Channel.Create |
Application |
Restore Microsoft Teams channels. |
| 2. |
Channel.ReadBasic.All |
Application |
Back up Microsoft Teams channel metadata. |
| 3. |
ChannelMessage.Read.All |
Application |
Back up Microsoft Teams channel conversations (messages). |
| 4. |
ChannelMember.ReadWrite.All |
Application |
Back up and restore Microsoft Teams channel members. |
| 5. |
ChannelSettings.ReadWrite.All |
Application |
Back up and restore Microsoft Teams channel settings. |
| 6 | Directory. Read. All | Application | Back up and restore Microsoft Teams. |
| 7. |
Directory.ReadWrite.All |
Application |
Restore Microsoft Teams.
|
| 8. |
Files.Read.All |
Application |
Read Microsoft Teams channel files and folders to facilitate backups. Read users' OneDrive files. |
| 9. |
Group.Read.All |
Delegated |
Support Microsoft Teams discovery, search, and group information. |
| 10. | Group.ReadWrite.All | Delegated | Restore Microsoft Teams. |
| 11. |
GroupMember.ReadWrite.All |
Application |
Add a member to a Microsoft 365 group or a security group through the members’ navigation property. |
| 12. |
Sites.Read.All |
Application |
Read data from SharePoint sites and sites associated with Microsoft Teams. |
| 13. |
TeamMember.ReadWrite.All |
Application |
Back up and restore Microsoft Teams members. |
| 14. |
TeamSettings.ReadWrite.All |
Application |
Back up and restore Microsoft Teams settings. |
| 15. |
TeamsTab.Read.All |
Application |
Back up Microsoft Teams tab's metadata. |
| 16. |
User.Read.All |
Application |
Import users from Azure AD. |
Office 365 Exchange Online
The following table explains the permissions required to use the Office 365 Exchange Online services:
| # | Permission | Type | Purpose |
|---|---|---|---|
| 1. |
Application.ReadWrite.All |
Application |
Delete service principal from the associated tenant and revoke app access from the tenant. |
| 2. |
Calendars.ReadWrite.All |
Application |
Back up and restore Exchange Online calendars. |
| 3. |
Contacts.ReadWrite |
Application |
Back up and restore Exchange Online contacts. |
| 4. |
EWS.AccessAsUser.All |
Delegated |
Back up and restore Exchange Online mailboxes in admin context. |
| 5. |
full_access_as_app |
Application |
Back up, restore, and discover Exchange Online mailboxes, Microsoft 365 Group mailboxes, and shared mailboxes. |
| 6. |
Mail.ReadWrite |
Application |
Back up and restore Exchange Online mailboxes. |
| 7. |
Tasks.ReadWrite |
Application |
Back up and restore Exchange Online tasks. |
Office 365 SharePoint Online
The following table explains the permissions required to use the Office 365 SharePoint Online services:
| # | Permission | Type | Purpose |
|---|---|---|---|
| 1. |
Sites.FullControl.All |
Application |
Back up and restore SharePoint Online site collections, including Microsoft 365 Group Team sites and modern sites. |
| 2. |
TermStore.Read.All |
Application |
Back up Managed Metadata Service SharePoint Online site collections and Microsoft 365 Group Team sites. |
| 3. |
User.Read.All |
Application |
Back up SharePoint site users. |
| 4. |
User.Read.All |
Delegated |
Get site collection administrators during restore activity to a new site. |