The table describes the usage of the application permissions for the Backup App for Exchange Online.
|
Microsoft Graph API - Application Permissions |
Usage |
Required |
|---|---|---|
|
Application.ReadWrite.All |
Maintain the reply URL and the secret key auto creation. |
No* |
|
Directory.Read.All |
Discover all users and user groups. |
Yes |
|
Group.ReadWrite.All |
Discover all user groups. |
Yes |
*The Application.ReadWrite.All permission is required for the Metallic Backup App for Exchange Online to create new apps. This permission can be removed for the other apps created by the Metallic Backup App for Exchange Online. The Application.ReadWrite.All and the Group.ReadWrite.All permissions can be replaced with Application.Read.All and Group.Read.All permissions for express or custom apps.
The table describes the usage of additional application permissions that are required for other Exchange Online apps.
|
Microsoft Graph API - Application Permissions |
Usage |
Required |
|---|---|---|
|
Group.Read.All |
Discover all groups. |
Yes |
|
MailboxSettings.Read |
Discover all user mailbox settings. |
Yes |
|
User.Read.All |
Discover full profiles of all users. |
No |
|
MailboxItem.ImportExport.All |
Backup and restore the mailboxes. |
No |
|
MailboxItem.Read.All |
Read all the users' mailbox items. |
No |
|
MailboxFolder.Read.All |
Read all the users' mailbox folders. |
No |
|
Microsoft Graph API - Delegated Permissions |
Usage |
Required |
|---|---|---|
|
Directory.AccessAsUser.All |
Access the directory as the signed in user. |
No |
|
Exchange web services API- Application Permissions |
Usage |
Required |
|---|---|---|
|
full_access_as_app |
Backup and restore the mailboxes. |
Yes |