Skip to main content

How can we help you?

Druva Documentation

Microsoft 365 Permissions for Druva App

Overview

This article helps you understand the permissions that Druva requires to backup and restore your Microsoft 365 data. 

To know about how and where you need to give these permissions to authorize Druva, check this article; Configure Druva inSync for Microsoft 365.

To begin with, Druva requires both these permission types: application permissions and delegated permissions. 

Application: This will allow applications in Azure Active Directory (Azure AD) to perform actions using admin-driven consent.

Delegated: This will allow applications in Azure AD to perform actions on behalf of a particular user. 

For more information, see Microsoft Graph Permissions.

Microsoft Graph

The following table explains the permissions required to use the Microsoft Graph APIs:

# Permission Type Purpose
1. 

Channel.Create

Application

Restore Microsoft Teams channels.

2. 

Channel.ReadBasic.All

Application

Back up Microsoft Teams channel metadata.

3. 

ChannelMessage.Read.All

Application

Back up Microsoft Teams channel conversations (messages).

4.

ChannelMember.ReadWrite.All

Application

Back up and restore Microsoft Teams channel members.

5. 

ChannelSettings.ReadWrite.All

Application

Back up and restore Microsoft Teams channel settings.

6 Directory. Read. All Application Back up and restore Microsoft Teams.
7.

Directory.ReadWrite.All

Application

Restore Microsoft Teams. 

Note: The usage of this permission will be replaced with an alternative solution.

8. 

Files.Read.All

Application

Read Microsoft Teams channel files and folders to facilitate backups. 

Read users' OneDrive files.

9.

Group.Read.All

Delegated

Support Microsoft Teams discovery, search, and group information.

10.  Group.ReadWrite.All Delegated Restore Microsoft Teams. 
11.

GroupMember.ReadWrite.All

Application

Add a member to a Microsoft 365 group or a security group through the members’ navigation property.

12.

Sites.Read.All

Application

Read data from SharePoint sites and sites associated with Microsoft Teams.
13.

TeamMember.ReadWrite.All

Application

Back up and restore Microsoft Teams members.

14.

TeamSettings.ReadWrite.All

Application

Back up and restore Microsoft Teams settings.

15.

TeamsTab.Read.All

Application

Back up Microsoft Teams tab's metadata.

16.

User.Read.All

Application

Import users from Azure AD.

Office 365 Exchange Online

The following table explains the permissions required to use the Office 365 Exchange Online services:

# Permission Type Purpose
1. 

Application.ReadWrite.All

Application

Delete service principal from the associated tenant and revoke app access from the tenant.

2. 

Calendars.ReadWrite.All

Application

Back up and restore Exchange Online calendars.

3.

Contacts.ReadWrite

Application

Back up and restore Exchange Online contacts.

4. 

EWS.AccessAsUser.All

Delegated

Back up and restore Exchange Online mailboxes in admin context.

5. 

full_access_as_app

Application

Back up, restore, and discover Exchange Online mailboxes, Microsoft 365 Group mailboxes, and shared mailboxes.

6.

Mail.ReadWrite

Application

Back up and restore Exchange Online mailboxes.

7.

Tasks.ReadWrite

Application

Back up and restore Exchange Online tasks.

Office 365 SharePoint Online 

The following table explains the permissions required to use the Office 365 SharePoint Online services:

# Permission Type Purpose
1. 

Sites.FullControl.All

Application

Back up and restore SharePoint Online site collections, including  Microsoft 365 Group Team sites and modern sites.

2. 

TermStore.Read.All

Application

Back up  Managed Metadata Service SharePoint Online site collections and Microsoft 365 Group Team sites.

3.

User.Read.All

Application

Back up SharePoint site users.

4. 

User.Read.All

Delegated

Get site collection administrators during restore activity to a new site.

  • Was this article helpful?