Question

Teams Microsoft API Delegated Permissions

  • 11 June 2024
  • 3 replies
  • 40 views

Badge +1

I’ve recently deployed an M365 backup from Commvault Cloud. I would like to understand why Teams backup requires a Microsoft API Delegated Permissions and why can’t Microsoft API Application Permissions instead.


3 replies

Badge +4

Hi @Rajkumarrdn , 

The Commvault cloud require certain API permissions to setup and backup Teams on the Metallic/SaaS platform. 

 

Please refer the below article link with details on which permissions are needed and why:
https://documentation.metallic.io/metallic/application_permissions_for_azure_app_for_teams.html

 

This contains the information on both “Microsoft Graph API Application Permissions” and “Microsoft Graph API Delegated Permissions”

Badge +1

@Pratik , Thank you for sharing the documentation. Still, It’s unclear on the document. I mean, Why is a dedicated account needed for Teams backup and restore? Why can't we use it as all other Exchange, SharePoint & OneDrive where we don’t need to use any dedicated account?

Badge +2

Hello @Rajkumarrdn,

 

With Teams we require an dedicated account is because, with Teams we do an Token based Authentication with Delegated access, which actually requires an User Account for the Token authorization to the Teams Application to happen, while Exchange, Sharepoint and OneDrive we don’t use Token based authentication, but just an App only permission which doesn’t require the User Account as the first Authorization is being done or completed.

Adding an MSFT Documentation with the Auth Concepts for your reference: https://learn.microsoft.com/en-us/graph/auth/auth-concepts

Hope this helps out on why for Teams we require an User Account, Let me know if any questions, thank you!

BR,
Arvind, SaaS Advanced Engineer
 

Reply