Tuesday, May 3, 2022

Adding additional organizations to Veeam Backup for M365 Self-Service Portal

 As promised in previous post, this time I'm explaining how to add access for additional organizations to Self-Service Portal. Do note, this is not an official guide or a best practice. Use at your own risk 😊

Assumptions in place:

  • You have a working Veeam Backup for M365 environment, with configured Self-Service Portal
  • You have two or more M365 organizations in backups
  • You have AzureAD Application ID that you are using with Self-Service Portal (the one you use when you enable Self-Service Portal)

When you have configured first (let's say 'main') organization to work with Self-Service Portal, you can only use that organizations  accounts to log in and do restores. If you try to log in with some other organization configured to Veeam Backup for M365, you will see error message similar to this:


To fix it, we need to add same AzureAD Application ID that is used with Self-Service Portal authentication, to our other organizations AzureAD. 

(This is also described in official documentation: https://helpcenter.veeam.com/docs/vbo365/guide/ssp_configuration.html?ver=60)

To do that, we need PowerShell and AzureAD PowerShell module. Instructions on installing that  PowerShell module can be found here: https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0

You also need credentials with enough privileges to add and modify Azure AD Applications in this organization.


Run these commands:
$Credential = Get-Credential
Connect-AzureAD -Credential $Credential
New-AzureADServicePrincipal -AppId "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

After you have done that, log-in to Azure AD and look for that Application. You can search it by name or ID.


Remove "Application type==Enterprise Application" from search filters


Select that Application, in my example "VBM_Restore_Portal_Application"


Go Security/Permission and click on "Grant admin consent for <organization>"

It will require you to re-authenticate and asks you to give required permissions.


Click Accept, and try again. You should be able to login now with your second organizations credentials.

You will have to do this for all organizations that you want to have access to Self-Service Portal


Lähettänyt klo
Tunnisteet: , , , , , ,

No comments :

Post a Comment

Subscribe to: Post Comments ( Atom )