You are here:
< Back

In order for Office 365 to properly be backed up by OffsiteDataSync, the administrative account that is used for backups must have the following permissions on all mailboxes in the organization:

  • Organizations Management role – to manage role assignments
  • Application Impersonation role
  • View-Only Configuration role – to obtain the necessary organization configuration parameters
  • View-Only Recipients role – to view the list of mailbox recipients (required for job creation)

The quickest method for making sure the roles are set correctly:

1. Open up Powershell on a local Windows machine

2. Allow the execution of unsigned code (note:  this only applies to the current Powershell session)

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

3. Download the “Connect to Office” script from:

4. Execute the “Connect to Office” script – you will be prompted for Administrator credentials


5. Enable customization of organization


6. Give the admin account the required permissions – make sure you replace “ADMIN@DOMAIN.COM” with the login you want to give permissions to

New-ManagementRoleAssignment -name:ApplicationImpersonation -Role:ApplicationImpersonation -User:ADMIN@DOMAIN.COM