Storm season is back, bringing with it the potential for significant weather events. If you have clients in areas prone to infrastructure disruption, visit the Disaster Recovery Resources guide for preparedness information. Datto recommends performing proactive disaster recovery testing to mitigate potential downtime. See our articles about the importance of disaster recovery testing and Preparing For A Cloud Virtualization Test: Policies, Procedures, And Partner Responsibilities to learn more. For live updates, follow @datto on Twitter.

SaaS Protection/Backupify for Office 365 Permissions Explained

Follow

Below you will find our complete list of necessary permissions for installing SaaS Protection/Backupify for Office 365, and why the application needs those permissions:

  • Read and Write Devices
    • Allows the app to read and write all device properties without a signed in user. Does not allow device creation, device deletion or update of device alternative security identifiers.
  • Enable Sign-on and read users profiles
    • Allow users to sign in to the application with their organizational accounts and let the application read the profiles of signed-in users, such as their email address and contact information.
  • Read directory data
    • Allow the application to read data in your organization's directory, such as users, groups and applications.
  • Read and write directory data
    • Allow the application to read and write data in your organization's directory, such as users and groups.
  • Read and write all groups
    • Allows the app to create groups on behalf of the signed-in user and read all group properties and memberships. Additionally, this allows the app to update group properties and memberships for the groups the signed-in user owns.
  • Access Organization’s directory
    • Allows us to determine the users available for backup, and identify what services are active.
    • Allow the application to access your organization's directory on behalf of the signed-in user.
  • Run search queries as a user
    • Allows the app to run search queries and to read basic site info on behalf of the current signed-in user. Search results are based on the user's permissions instead of the app's permissions.
  • Read and write user files
    • Allows us to backup and restore OneDrive files
    • Allows the app to read, create, update, and delete the current user's files.
  • Have full control of all site collections
    • Allows the app to have full control of all site collections without a signed in user.
  • Read and write user profiles
    • Allows the app to read and update user profiles and to read basic site info without a signed in user.
    • Allows the app to read and update user profiles and to read basic site info on behalf of the signed-in user.
  • Read and write items and lists in all site collections
    • Allows us to backup and restore sites collection items.
    • Allows the app to read, create, update, and delete document libraries and lists in all site collections without a signed in user.
    • Allows the app to read, create, update, and delete document libraries and lists in all site collections on behalf of the signed-in user.
  • Read and write managed metadata
    • Allows the app to write enterprise managed metadata and to read basic site info without a signed in user.
  • Read user files
    • Allows us to identify what users are available for backup.
    • Allows the app to read the current user's files.
  • Read and write items in all site collections
    • Allows the app to create, read, update, and delete documents and list items in all site collections without a signed in user.
  • Read and write user contacts
    • Allows us to backup and restore contacts
    • Allows the app to create, read, update, and delete user contacts.
  • Access mailboxes as the signed-in user via Exchange Web Services
    • Allows the app to have the same access to mailboxes as the signed-in user via Exchange Web Services.
  • Read and write contacts in all mailboxes
    • Allows the app to create, read, update, and delete all contacts in all mailboxes without a signed-in user.
  • Read and write user mail
    • Allows the app to create, read, update, and delete email in user mailboxes. Does not include permission to send mail.
  • Read and write user calendars
    • Allows us to backup and restore calendars
    • Allows the app to create, read, update, and delete events in user calendars.
  • User Exchange Web Services with full access to all mailboxes
    • Allows the app to have full access via Exchange Web Services to all mailboxes without a signed-in user.
  • Read and write mail in all  mailboxes
    • Allows us to backup and restore email
    • Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. Does not include permission to send mail.
  • Read and write calendars in all mailboxes
    • Allows us to backup and restore exchange calendars and email invites
    • Allows the app to create, read, update, and delete events of all calendars without a signed-in user.

 -

To contact Backupify/Datto SaaS Protection support, click here to submit a Support Request, or click here for more contact options.


Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Calling all Partners! We want to hear your feedback! Please participate in this quick survey and help us build a better, more-relevant Knowledge Base!

Want to talk about it? Head on over to our Community Forum!