The roles and permissions (minimum scope) required by a service account configured for RecoveryManager Plus are listed below.
At minimum, a service account configured for RecoveryManager Plus should be a member of the Exchange administrator role.
At minimum, an application registration configured for RecoveryManager Plus should be a member of the Exchange administrator role.

| Module | API name | Permission | Scope |
|---|---|---|---|
| Exchange Online | Microsoft 365 Exchange Online | EWS.AccessAsUser.All | Back up and restore mailboxes |
| Exchange Online | Microsoft 365 Exchange Online | full_access_as_app | Use Exchange Web Services to back up and restore mailboxes |
| Exchange Online | Microsoft 365 Exchange Online | Exchange.ManageAsApp | Manage Exchange as Application |
| SharePoint and OneDrive | SharePoint | Sites.FullControl.All | Back up and restore sites |
| SharePoint and OneDrive | SharePoint | User.ReadWrite.All | Read and write the full set of profile properties, reports, and managers of users |
| Microsoft Teams | Microsoft Graph | Team.ReadBasic.All | Get a list of all teams |
| Microsoft Teams | Microsoft Graph | ChannelSettings.ReadWrite.All | Read and write the names, descriptions, and settings of all channels |
| Microsoft Teams | Microsoft Graph | Files.Read.All | Read files in all site collections |
| Microsoft Teams | Microsoft Graph | ChannelMessage.Read.All | Read all channel messages |
| Microsoft Entra ID | Azure Active Directory Graph | Domain.ReadWrite.All | Read and write all domain properties |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | AppRoleAssignment.ReadWrite.All | Manage app permission grants and app role assignments |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | AdministrativeUnit.ReadWrite.All | Read and write all administrative units |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | Application.ReadWrite.All | Read and write all applications |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | Directory.ReadWrite.All | Read and write directory data |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | Domain.ReadWrite.All | Read and write domains |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | Group.Create | Create groups |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | Group.ReadWrite.All | Read and write all groups |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | Policy.Read.All | Read your organization's policies |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | Policy.ReadWrite.ApplicationConfiguration | Read and write your organization's application configuration policies |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | Policy.ReadWrite.Authorization | Read and write your organization's authorization policy |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | Policy.ReadWrite.ConditionalAccess | Read and write your organization's conditional access policies |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | RoleManagement.ReadWrite.Directory | Read and write all directory RBAC settings |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | AuditLog.Read.All | Read all audit log data |
| Microsoft Entra ID | Microsoft Graph → Application Permissions | BitlockerKey.Read.All | Read all BitLocker keys |