AvePoint Learn
Request article
Contact support
Request article
Contact support
English

    Home > Get Started > Required Permissions

    Export to PDF

    Required Permissions

    Both app profile and service account authentications are supported. Refer to the section below for the required permissions.

    NOTE

    To back up the data generated from the Project for the web, you must use the service account authentication and the service account must have the Microsoft Project license.

    Microsoft updated in this announcement that the WS-Trust authentication security protocol for connecting to Common Data Service (which has been renamed to Microsoft Dataverse) is no longer recommended and has been deprecated. AvePoint Cloud Backup for Dynamics 365 has updated the APIs to connect to Dynamics 365 to CrmServiceClient and use the Global Discovery Service to retrieve organizations as the regional Discovery service will be deprecated as well. This change will affect scan in an MFA environment. To ensure a successful scan in an MFA environment, use app profile authentication or use a service account that does not have MFA enabled.

    • If you use an app profile to communicate with your tenant, and perform backup and restore, the account you used to consent the app profile must have the Microsoft 365 Global Administrator role and the System Administrator role in your organization/environment. For the application permissions consented to the app profile or required for the custom Azure app, refer to Required Permissions Consented to the Custom App Profile.

      NOTE

      As documented in this article, Microsoft no longer automatically synchronize the System Administrator role to the Dynamics 365 global or service level admin roles such as Power Platform Administrator or Dynamics 365 Service Administrator. The Global Administrator, Power Platform Administrator, and Dynamics 365 Service Administrator must complete another step to elevate themselves to the System Administrator role in the environment where they need access.

    • The service account must have a license to the Dynamics 365 and have at least the Dynamics 365 Service Administrator role to scan and register the organizations. (In the Microsoft Graph API and Microsoft Graph PowerShell, this role is named Dynamics 365 Service Administrator. In the Azure portal, it is Dynamics 365 Administrator.)

      Additionally, for data protection, the service account must also have the System Administrator role and have the Read and Write permission to the Dynamics 365 entities protected in the backup scope. To check the user roles, follow the steps below:

      1. Sign into Power Platform admin center.

      2. Go to the Environments page, and open the environment for permission check.

      3. Navigate to Settings > Users.

      4. Find your user profile, and then click Manage security roles on the command bar to view your user roles.