Configure O365 API for Backups

You are here:
← All Topics

Protecting your O365 data is essential, and most Data Protection solutions offer api access to O365 data within their application. This ability to ‘let them in’ however needs to be configured both at a global level, and then at an application specific level, within the Azure portal.

First you will want to sign into your Microsoft 365 admin center: https://admin.microsoft.com/AdminPortal

Once signed in, on the left scroll down to Admin centers > Azure Active Directory

Navigate to Azure Active Directory > App Registrations > Click “New registration”

For the New Registration add in a descriptive name, most commonly Choose ‘Single Tenant’ and typically no Redirect. Then click Register at the Bottom.

Once you click Register you will be ‘in’ that application, and see the options for it. Scroll down to Call APIs and click on View API Permissions
Here you can add the necessary Permissions that your application will need to perform your backup. Click ‘Add a permission’

Most Permissions will be setup in the Microsoft Graph. However there are some (like SharePoint) that aren’t found inside this option, however you will need to navigate through Microsoft Graph and SharePoint to choose the appropriate permissions. If you are using Exchange, then there are additional Exchange permissions as well (such as Office 365 Exchange Online, full access). If not, then the Exchange options don’t even appear.

Once you select the application (Graph or SharePoint) you will select Application permissions

Then you select your permissions below, once finished click ‘Add permissions’ at the bottom

The ‘typical’ permission that are using to backup OneDrive, SharePoint, Teams (and all the groups/sites/users) that go along with it, are as follows

Once all the permissions are added MAKE SURE to click ‘Grant admin consent’ above the list of permissions, and confirm

You will need to grant the necessary roles to the user account you will use to authenticate to Azure as well. You can assign the user Global Administrator permissions to accomplish this task, otherwise the roles of: SharePoint Administrator, Site Collection Administrator, Exchange Administrator.