Microsoft Graph API – application permissions
| Permission name | Usage | Required |
|---|---|---|
| Application.ReadWrite.All | Maintain the reply URL and the secret key auto creation. | No* |
| Directory.Read.All | Discover all users and user groups. | Yes |
| Group.ReadWrite.All | Discover all user groups. | Yes |
| Policy.Read.All | Read your organization's policies | Yes |
*The Application.ReadWrite.All permission is required for the Metallic Backup App for Exchange Online to create new apps. This permission can be removed for the other apps created by the Metallic Backup App for Exchange Online. The Application.ReadWrite.All and the Group.ReadWrite.All permissions can be replaced with Application.Read.All and Group.Read.All permissions for express or custom apps.
Additional application permissions that are required for other Exchange Online apps
Microsoft Graph API – application permissions
| Permission name | Usage | Required |
|---|---|---|
| Group.Read.All | Discover all groups. | Yes |
| MailboxSettings.Read | Discover all user mailbox settings. | Yes |
| User.Read.All | Discover full profiles of all users. | Yes |
| MailboxItem.ImportExport.All | Back up and restore the mailboxes. | Yes |
| MailboxItem.Read.All | Read all the users' mailbox items. | No |
| MailboxFolder.Read.All | Read all the users' mailbox folders. | No |
Microsoft Graph API – delegated permissions
| Permission name | Usage | Required |
|---|---|---|
| Directory.AccessAsUser.All | Access the directory as the signed-in user. | No |
Exchange Web Services API – application permissions
| Permission name | Usage | Required |
|---|---|---|
| full_access_as_app | Backup and restore the mailboxes. | Yes |
| Exchange.ManageAsAppV2 | Administer Exchange Online resources using app-only access. | Yes |
Application permissions required exclusively for backing up Exchange Online apps
| Permission name | Usage | Required |
|---|---|---|
| Group.Read.All | Discover all groups. | Yes |
| MailboxItem.ImportExport.All | Back up and restore the mailboxes. | Yes |
| User.Read.All | Discover full profiles of all users. | Yes |
| full_access_as_app | Backup and restore the mailboxes by using EWS. | Yes |
| Exchange.ManageAsAppV2 | Administer Exchange Online resources using app-only access. | Yes |