In order for Office 365 to properly be backed up by OffsiteDataSync, the administrative account that is used for backups must have the following permissions on all mailboxes in the organization:
- Organizations Management role – to manage role assignments
- Application Impersonation role
- View-Only Configuration role – to obtain the necessary organization configuration parameters
- View-Only Recipients role – to view the list of mailbox recipients (required for job creation)
The quickest method for making sure the roles are set correctly:
1. Open up Powershell on a local Windows machine
2. Allow the execution of unsigned code (note: this only applies to the current Powershell session)
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
3. Download the “Connect to Office” script from:
https://gallery.technet.microsoft.com/office/Connect-To-Office-365-9b235018
4. Execute the “Connect to Office” script – you will be prompted for Administrator credentials
./Connect-To-Office365.ps1
5. Enable customization of organization
Enable-OrganizationCustomization
6. Give the admin account the required permissions – make sure you replace “ADMIN@DOMAIN.COM” with the login you want to give permissions to
New-ManagementRoleAssignment -name:ApplicationImpersonation -Role:ApplicationImpersonation -User:ADMIN@DOMAIN.COM