Backupify For Office 365 Permissions Explained

Follow

This is a complete list of permissions necessary for someone to install Backupify for Office 365, and why the application needs those permissions:

  • Read and Write Devices
    • Allows the app to read and write all device properties without a signed in user. Does not allow device creation, device deletion or update of device alternative security identifiers.
  • Enable Sign-on and read users' profiles
    • Allow users to sign in to the application with their organizational accounts and let the application read the profiles of signed-in users, such as their email address and contact information.
  • Read directory data
    • Allow the application to read data in your organization's directory, such as users, groups and applications.
  • Read and write directory data
    • Allow the application to read and write data in your organization's directory, such as users and groups.
  • Read and write all groups
    • Allows the app to create groups on behalf of the signed-in user and read all group properties and memberships. Additionally, this allows the app to update group properties and memberships for the groups the signed-in user owns.
  • Access organization’s directory
    • Allows Datto to determine the users available for backup, and identify what services are active.
    • Allow the application to access your organization's directory on behalf of the signed-in user.
  • Run search queries as a user
    • Allows the app to run search queries and to read basic site info on behalf of the current signed-in user. Search results are based on the user's permissions instead of the app's permissions.
  • Read and write user files
    • Allows Datto to back up and restore OneDrive files
    • Allows the app to read, create, update, and delete the current user's files.
  • Have full control of all site collections
    • Allows the app to have full control of all site collections without a signed in user.
  • Read and write user profiles
    • Allows the app to read and update user profiles and to read basic site info without a signed in user.
    • Allows the app to read and update user profiles and to read basic site info on behalf of the signed-in user.
  • Read and write items and lists in all site collections
    • Allows Datto to back up and restore sites collection items.
    • Allows the app to read, create, update, and delete document libraries and lists in all site collections without a signed in user.
    • Allows the app to read, create, update, and delete document libraries and lists in all site collections on behalf of the signed-in user.
  • Read and write managed metadata
    • Allows the app to write enterprise managed metadata and to read basic site info without a signed in user.
  • Read user files
    • Allows Datto to identify which users are available for backup.
    • Allows the app to read the current user's files.
  • Read and write items in all site collections
    • Allows the app to create, read, update, and delete documents and list items in all site collections without a signed in user.
  • Read and write user contacts
    • Allows Datto to back up and restore contacts
    • Allows the app to create, read, update, and delete user contacts.
  • Access mailboxes as the signed-in user via Exchange Web Services
    • Allows the app to have the same access to mailboxes as the signed-in user via Exchange Web Services.
  • Read and write contacts in all mailboxes
    • Allows the app to create, read, update, and delete all contacts in all mailboxes without a signed-in user.
  • Read and write user mail
    • Allows the app to create, read, update, and delete email in user mailboxes. Does not include permission to send mail.
  • Read and write user calendars
    • Allows Datto to back up and restore calendars
    • Allows the app to create, read, update, and delete events in user calendars.
  • User Exchange Web Services with full access to all mailboxes
    • Allows the app to have full access via Exchange Web Services to all mailboxes without a signed-in user.
  • Read and write mail in all  mailboxes
    • Allows Datto to back up and restore email
    • Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. Does not include permission to send mail.
  • Read and write calendars in all mailboxes
    • Allows Datto to back up and restore exchange calendars and email invites
    • Allows the app to create, read, update, and delete events of all calendars without a signed-in user.

 -

To contact Backupify/Datto SaaS Protection support, click here to submit a Support Request, or click here for more contact options.


Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Head on over to our Community Forum!