Roles and Permissions required for MSP Backup
MSP Backup requires specific User Account roles when configuring a M365 Organization for Backup. A user account must be assigned the following roles:
- Global Administrator — required to perform several key tasks, including adding organizations that use modern app-only authentication, creating backup applications, registering a Microsoft Entra application, and creating a Microsoft Entra application.
- Exchange:
- ApplicationImpersonation, and Global Administrator or Exchange Administrator — required to perform data restores for Microsoft Exchange.
- OneDrive:
- Global Administrator or SharePoint Administrator — required to perform data restores for Microsoft SharePoint and Microsoft OneDrive for Business.
- Teams:
- Global Administrator or Teams Administrator — required to perform data restores for Microsoft Teams.
- Public folders:
- Owner — required to back up public folder mailboxes.
- Owner — required to back up public folder mailboxes.
Notice:
- We only require the Global Administrator role to configure the Microsoft Entra Application with the proper permissions. Once the Application is created, you can remove the Global Administrator role.
- The Microsoft Entra Application will be named: ProbaxO365_AppOnly
Microsoft Entra applications created by MSP Backup, require certain account permissions and are automatically granted when adding organizations through our platform.
Required Permissions for Backup & Restore
To being protecting a Microsoft 365 organization using MSP Backup, please follow our guide: How To: Deploy Microsoft 365 Protection