Veeam Backup for Microsoft Office version 4c supports two different modern authentication methods and a basic authentication method for working with Office 365 organizations.
Depending on your Office 365 tenant configuration and the restrictions on using legacy authentication protocols, you can use one of the following authentication methods:
These authentication types require different sets of permissions to be configured.
Veeam service account you are going to use should have a Global Administrator role.
You can either allow Veeam Backup for Office 365 to create the Azure AD application and all the required application permissions will be granted automatically:
Or you can create an Azure AD application manually: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
And then configure the permissions in accordance with "Veeam Backup for Microsoft Office 365 Version 4c" section of this User Guide page: https://helpcenter.veeam.com/docs/vbo365/guide/azure_ad_applications.html?ver=40
Before configuring permissions below, make sure that Security Defaults are disabled in your Office 365 tenant:
And Conditional Access policies are not blocking legacy authentication protocols for the Veeam service account:
Configuring permissions for Exchange Online.
Below you may see the example of PowerShell cmdlets you could use to configure a new authentication policy with enabled AllowBasicAuthPowershell and AllowBasicAuthWebService for the Veeam service account.
To create a new authentication policy named "Allow Basic Auth":
New-AuthenticationPolicy -Name "Allow Basic Auth"
Set-AuthenticationPolicy -Identity "Allow Basic Auth" -AllowBasicAuthPowershell Set-AuthenticationPolicy -Identity "Allow Basic Auth" -AllowBasicAuthWebService
Set-User -Identity <UserIdentity> -AuthenticationPolicy "Allow Basic Auth"
Where is the Veeam service account.
Configuring Permissions for SharePoint Online.
Configuring user App password.
Configuring Azure AD Application.