BackupRestore-Configuration.Read.All

Allows the app to read the backup configuration, and list of Microsoft 365 service resources to be backed-up, on behalf of the signed in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the BackupRestore-Configuration.Read.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	5fbb5982-3230-4882-93c0-2167523ce0c2	444ed4b6-0554-4dc6-8e9c-3f9a34ee3ff6
DisplayText	Read all backup configuration policies	Read backup configuration policies
Description	Allows the app to read all backup configurations, and lists of Microsoft 365 service resources to be backed-up, without a signed-in user.	Allows the app to read the backup configuration, and list of Microsoft 365 service resources to be backed-up, on behalf of the signed in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxInclusionRules
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxInclusionRules/{mailboxProtectionRuleId}
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxProtectionUnits/
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxProtectionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/exchangeProtectionPolicies/{mailboxProtectionPolicyId}/mailboxProtectionUnitsBulkAdditionJobs/{mailboxProtectionUnitsBulkAdditionJobId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{driveProtectionPolicyId}/driveProtectionUnitsBulkAdditionJobs/{driveProtectionUnitsBulkAdditionJobId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveInclusionRules
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveInclusionRules/{driveProtectionRuleId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveProtectionUnits
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveProtectionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/protectionPolicies
	GET /solutions/backupRestore/protectionPolicies/{protectionPolicyBaseId}
	GET /solutions/backupRestore/protectionUnits/{protectionUnitBaseId}
	GET /solutions/backupRestore/protectionUnits/microsoft.graph.driveProtectionUnit
	GET /solutions/backupRestore/protectionUnits/microsoft.graph.mailboxProtectionUnit
	GET /solutions/backupRestore/protectionUnits/microsoft.graph.siteProtectionUnit
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteInclusionRules
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteInclusionRules/{siteProtectionRuleId}
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnits
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnitsBulkAdditionJobs
	POST /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxProtectionUnitsBulkAdditionJobs
	POST /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveProtectionUnitsBulkAdditionJobs
	POST /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnitsBulkAdditionJobs

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxInclusionRules
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxInclusionRules/{mailboxProtectionRuleId}
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxProtectionUnits/
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxProtectionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/exchangeProtectionPolicies/{mailboxProtectionPolicyId}/mailboxProtectionUnitsBulkAdditionJobs/{mailboxProtectionUnitsBulkAdditionJobId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{driveProtectionPolicyId}/driveProtectionUnitsBulkAdditionJobs/{driveProtectionUnitsBulkAdditionJobId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveInclusionRules
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveInclusionRules/{driveProtectionRuleId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveProtectionUnits
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveProtectionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/protectionPolicies
	GET /solutions/backupRestore/protectionPolicies/{protectionPolicyBaseId}
	GET /solutions/backupRestore/protectionUnits/{protectionUnitBaseId}
	GET /solutions/backupRestore/protectionUnits/microsoft.graph.driveProtectionUnit
	GET /solutions/backupRestore/protectionUnits/microsoft.graph.mailboxProtectionUnit
	GET /solutions/backupRestore/protectionUnits/microsoft.graph.siteProtectionUnit
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteInclusionRules
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteInclusionRules/{siteProtectionRuleId}
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnits
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnitsBulkAdditionJobs/{siteProtectionUnitsBulkAdditionJobId}
	POST /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxProtectionUnitsBulkAdditionJobs
	POST /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveProtectionUnitsBulkAdditionJobs
	POST /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnitsBulkAdditionJobs

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Connect-MgGraph
	Get-MgSolutionBackupRestoreExchangeProtectionPolicyMailboxInclusionRule
	Get-MgSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveInclusionRule
	Get-MgSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveProtectionUnit
	Get-MgSolutionBackupRestoreProtectionPolicy
	Get-MgSolutionBackupRestoreProtectionUnit
	Get-MgSolutionBackupRestoreProtectionUnitAsMailboxProtectionUnit
	Get-MgSolutionBackupRestoreSharePointProtectionPolicySiteInclusionRule
	Get-MgSolutionBackupRestoreSharePointProtectionPolicySiteProtectionUnit

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaSolutionBackupRestoreExchangeProtectionPolicyMailboxInclusionRule
	Get-MgBetaSolutionBackupRestoreExchangeProtectionPolicyMailboxProtectionUnitBulkAdditionJob
	Get-MgBetaSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveInclusionRule
	Get-MgBetaSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveProtectionUnit
	Get-MgBetaSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveProtectionUnitBulkAdditionJob
	Get-MgBetaSolutionBackupRestoreProtectionPolicy
	Get-MgBetaSolutionBackupRestoreProtectionUnit
	Get-MgBetaSolutionBackupRestoreProtectionUnitAsMailboxProtectionUnit
	Get-MgBetaSolutionBackupRestoreSharePointProtectionPolicySiteInclusionRule
	Get-MgBetaSolutionBackupRestoreSharePointProtectionPolicySiteProtectionUnit
	Get-MgBetaSolutionBackupRestoreSharePointProtectionPolicySiteProtectionUnitBulkAdditionJob

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: driveProtectionRule

Property	Type	Description
id	String	The unique identifier of the protection rule associated with the policy.
createdBy	identitySet entitySet	The identity of the person who created the rule.
createdDateTime	DateTimeOffset	The date and time that the rule was created.
driveExpression	String	Contains a drive expression. For examples, see driveExpression examples.
error	publicError	If the operation fails, contain the details of the error.
isAutoApplyEnabled	Boolean	`true` indicates that the protection rule is dynamic; `false` that it's static. Static rules run one time while dynamic rules listen to all changes in the system and update the protection unit list. Currently, only static rules are supported.
lastModifiedBy	identitySet	Identity of the person who last modified this rule.
lastModifiedDateTime	DateTimeOffset	The timestamp of the last modification to this rule.
status	protectionRuleStatus	The status of the protection rule. The following are the possible values: `draft`, `active`, `completed`, `completedWithErrors`, `unknownFutureValue`.

Graph reference: driveProtectionUnit

Property	Type	Description
createdBy	identitySet	The identity of person who created the protection unit. Inherited from protectionUnitBase.
createdDateTime	DateTimeOffset	The time of creation of the protection unit. Inherited from protectionUnitBase.
directoryObjectId	String	ID of the directory object.
displayName	String	Display name of the directory object.
email	String	Email associated with the directory object.
error	publicError	Details of the error if the enablement/disablement of the protection unit fails. Inherited from protectionUnitBase.
id	String	Unique identifier of the protection policy associated with this protection unit.
lastModifiedBy	identitySet	The identity of person who last modified the protection unit. Inherited from protectionUnitBase.
lastModifiedDateTime	DateTimeOffset	The time of last modification of the protection unit. Inherited from protectionUnitBase.
policyId	String	Unique identifier of the protection policy associated with this protection unit. Inherited from protectionUnitBase.
status	protectionUnitStatus	The individual enablement/disablement/removal status of the protection unit. Inherited from protectionUnitBase. The possible values are: `protectRequested`, `protected`, `unprotectRequested`, `unprotected`, `removeRequested`, `unknownFutureValue`.

Graph reference: driveProtectionUnitsBulkAdditionJob

Property	Type	Description
createdBy	identitySet	The identity of the person who created the job.
createdDateTime	DateTimeOffset	The date and time that the job was created.
directoryObjectIds	Collection(String)	The list of OneDrive directoryObjectIds to add to the OneDrive protection policy.
displayName	String	The name of the job.
drives	Collection(String)	The list of email addresses to add to the OneDrive protection policy.
error	publicError	Contains error details if any email address resolution fails.
id	String	The unique identifier of the job associated with the OneDrive protection policy.
lastModifiedBy	identitySet	Identity of the person who last modified the job.
lastModifiedDateTime	DateTimeOffset	Timestamp of the last modification to the job.
status	protectionUnitsBulkJobStatus	Status of the job. The possible values are: `unknown`, `active`, `completed`, `completedWithErrors`, and `unknownFutureValue`.

Graph reference: exchangeProtectionPolicy

Property	Type	Description
id	String	The unique identifier of the protection rule associated to the policy.
displayName	String	Name of the policy to be created.
createdDateTime	DateTimeOffset	The time of creation of the policy.
createdBy	identitySet	The identity of person who created the policy.
lastModifiedBy	identitySet	The identity of the person who last modified the policy.
lastModifiedDateTime	DateTimeOffset	The timestamp of the last modification of the policy.
status	protectionPolicyStatus	Status of the policy. This value is an aggregated status of the protection units. The possible values are: `inactive`, `activeWithErrors`, `updating`, `active`, `unknownFutureValue`.

Graph reference: mailboxProtectionRule

Property	Type	Description
id	String	The unique identifier of the protection rule associated with the policy.
createdBy	identitySet	The identity of the person who created the rule.
createdDateTime	DateTimeOffset	The date and time that the rule was created.
error	publicError	Contains error details if an operation on a rule expression fails.
isAutoApplyEnabled	Boolean	`true` indicates that the protection rule is dynamic; `false` that it's static. Static rules run one time while dynamic rules listen to all changes in the system and update the protection unit list. Currently, only static rules are supported.
lastModifiedBy	identitySet	Identity of the person who last modified this rule.
lastModifiedDateTime	DateTimeOffset	Timestamp of last modification to the rule.
mailboxExpression	String	Contains a mailbox expression. For examples, see mailboxExpression examples.
status	protectionRuleStatus	Status of the protection rule. The possible values are: `draft`, `active`, `completed`, `completedWithErrors`, `unknownFutureValue`. The `draft` member is currently unsupported.

Graph reference: mailboxProtectionUnit

Property	Type	Description
createdBy	identitySet	The identity of person who created the protection unit. Inherited from protectionUnitBase.
createdDateTime	DateTimeOffset	The time of creation of the protection unit. Inherited from protectionUnitBase.
directoryObjectId	String	The ID of the directory object.
displayName	String	Display name of the directory object.
email	String	Email address associated with the directory object.
error	publicError	Contains error details if enabling or disabling the protection unit fails. Inherited from protectionUnitBase.
id	String	Unique identifier of the protection policy associated with this protection unit.
lastModifiedBy	identitySet	The identity of person who last modified the protection unit. Inherited from protectionUnitBase.
lastModifiedDateTime	DateTimeOffset	The time the protection unit was last modified. Inherited from protectionUnitBase.
policyId	String	Unique identifier of the protection policy associated with this protection unit. Inherited from protectionUnitBase.
status	protectionUnitStatus	The individual enable, disable, or removal status of the protection unit. Inherited from protectionUnitBase.The possible values are: `protectRequested`, `protected`, `unprotectRequested`, `unprotected`, `removeRequested`, `unknownFutureValue`.

Graph reference: mailboxProtectionUnitsBulkAdditionJob

Property	Type	Description
createdBy	identitySet	The identity of the person who created the job.
createdDateTime	DateTimeOffset	The date and time that the job was created.
directoryObjectIds	Collection(String)	The list of Exchange directoryObjectIds to add to the Exchange protection policy.
displayName	String	The name of the job.
error	publicError	Contains error details if any email address resolution fails.
id	String	The unique identifier of the job associated with the Exchange protection policy.
lastModifiedBy	identitySet	Identity of the person who last modified the job.
lastModifiedDateTime	DateTimeOffset	Timestamp of the last modification to the job.
mailboxes	Collection(String)	The list of Exchange email addresses to add to the Exchange protection policy.
status	protectionUnitsBulkJobStatus	Status of the job. The possible values are: `unknown`, `active`, `completed`, `completedWithErrors`, and `unknownFutureValue`.

Graph reference: oneDriveForBusinessProtectionPolicy

Property	Type	Description
id	String	The unique identifier of the protection rule associated with the policy.
displayName	String	The name of the policy to be created.
createdDateTime	DateTimeOffset	The time of creation of the policy.
createdBy	identitySet	The identity of person who created the policy.
lastModifiedBy	identitySet	The identity of the person who last modified the policy.
lastModifiedDateTime	DateTimeOffset	The timestamp of the last modification of the policy.
status	protectionPolicyStatus	Status of the policy. The value is the aggregated status of the protection units. The possible values are: `inactive`, `activeWithErrors`, `updating`, `active`, `unknownFutureValue`.

Graph reference: protectionPolicyBase

Property	Type	Description
id	String	The unique identifier of the protection rule associated with the policy.
displayName	String	The name of the policy to be created.
createdDateTime	DateTimeOffset	The time of creation of the policy.
createdBy	identitySet	The identity of person who created the policy.
lastModifiedBy	identitySet	The identity of the person who last modified the policy.
lastModifiedDateTime	DateTimeOffset	The timestamp of the last modification of the policy.
retentionSettings	retentionSetting collection	Contains the retention setting details for the policy.
status	protectionPolicyStatus	The aggregated status of the protection units associated with the policy. The possible values are: `inactive`, `activeWithErrors`, `updating`, `active`, `unknownFutureValue`.

Graph reference: protectionRuleBase

Property	Type	Description
id	String	The unique identifier of the protection rule associated with the policy.
createdBy	identitySet	The identity of person who created the rule.
createdDateTime	DateTimeOffset	The time of creation of the rule.
error	publicError	Contains error details if an operation on a rule fails.
lastModifiedBy	identitySet	The identity of the person who last modified the rule.
lastModifiedDateTime	DateTimeOffset	Timestamp of the last modification made to the rule.
status	protectionRuleStatus	The status of the protection rule. The possible values are: `draft`, `active`, `completed`, `completedWithErrors`, `unknownFutureValue`. The `draft` member is currently unsupported.

Graph reference: protectionUnitBase

Property	Type	Description
id	String	The unique identifier of the protection unit.
policyId	String	The unique identifier of the protection policy based on which protection unit was created.
createdBy	identitySet	The identity of person who created the protection unit.
createdDateTime	DateTimeOffset	The time of creation of the protection unit.
error	publicError	Contains error details if an error occurred while creating a protection unit.
lastModifiedBy	identitySet	The identity of person who last modified the protection unit.
lastModifiedDateTime	DateTimeOffset	Timestamp of the last modification of this protection unit.
status	protectionUnitStatus	The status of the protection unit. The possible values are: `protectRequested`, `protected`, `unprotectRequested`, `unprotected`, `removeRequested`, `unknownFutureValue`.

Graph reference: sharePointProtectionPolicy

Property	Type	Description
id	String	The unique identifier of the protection rule associated to the policy.
displayName	String	The name of the policy being created.
createdDateTime	DateTimeOffset	The time of creation of the policy.
createdBy	identitySet	The identity of person who created the policy.
lastModifiedBy	identitySet	The identity of person who modified the policy.
lastModifiedDateTime	DateTimeOffset	The timestamp of the last modification of the policy.
retentionSettings	retentionSetting collection	Retention settings for the policy.
status	protectionPolicyStatus	The status of the policy. The value is an aggregated status of the protection units. The possible values are: `inactive`, `activeWithErrors`, `updating`, `active`, `unknownFutureValue`.

Graph reference: siteProtectionRule

Property	Type	Description
id	String	The unique identifier of the protection rule associated with the policy.
createdBy	identitySet	The identity of the person who created the rule.
createdDateTime	DateTimeOffset	The date and time that the rule was created.
error	publicError	Contains error details if any operation on a rule expression fails.
isAutoApplyEnabled	Boolean	`true` indicates that the protection rule is dynamic; `false` that it's static. Static rules run one time while dynamic rules listen to all changes in the system and update the protection unit list. Currently, only static rules are supported.
lastModifiedBy	identitySet	Identity of the person who last modified the rule.
lastModifiedDateTime	DateTimeOffset	Timestamp of the last modification to the rule.
siteExpression	String	Contains a site expression. For examples, see siteExpression example.
status	protectionRuleStatus	Status of the protection rule. The possible values are: `draft`, `active`, `completed`, `completedWithErrors`, `unknownFutureValue`. The `draft` member is currently unsupported.

Graph reference: siteProtectionUnit

Property	Type	Description
createdBy	identitySet	The identity of person who created the protection unit. Inherited from protectionUnitBase.
createdDateTime	DateTimeOffset	The time of creation of the protection unit. Inherited from protectionUnitBase.
error	publicError	Contains error details if enabling or disabling the protection unit fails. Inherited from protectionUnitBase.
id	String	Unique identifier of the protection policy associated with this protection unit.
lastModifiedBy	identitySet	The identity of the person who last modified the protection unit. Inherited from protectionUnitBase.
lastModifiedDateTime	DateTimeOffset	The time the protection unit was last modified. Inherited from protectionUnitBase.
policyId	String	Unique identifier of the protection policy associated with this protection unit. Inherited from protectionUnitBase.
siteId	String	Unique identifier of the SharePoint site.
siteName	String	Name of the SharePoint site.
siteWebUrl	String	The web URL of the SharePoint site.
status	protectionUnitStatus	The individual enable, disable, or removal status of the protection unit. Inherited from protectionUnitBase. The possible values are: `protectRequested`, `protected`, `unprotectRequested`, `unprotected`, `removeRequested`, `unknownFutureValue`.

Graph reference: siteProtectionUnitsBulkAdditionJob

Property	Type	Description
createdBy	identitySet	The identity of the person who created the job.
createdDateTime	DateTimeOffset	The date and time that the job was created.
displayName	String	The name of the job.
error	publicError	Contains error details if any site-url resolution fails.
id	String	The unique identifier of the job associated with the SharePoint protection policy.
lastModifiedBy	identitySet	Identity of the person who last modified the job.
lastModifiedDateTime	DateTimeOffset	Timestamp of the last modification to the job.
status	protectionUnitsBulkJobStatus	Status of the job. The possible values are: `unknown`, `active`, `completed`, `completedWithErrors`, and `unknownFutureValue`.
siteWebUrls	Collection(String)	The list of SharePoint site URLs to add to the SharePoint protection policy.
siteIds	Collection(String)	The list of SharePoint site IDs to add to the SharePoint protection policy.

Table of Contents

BackupRestore-Configuration.Read.All

Graph Methods

Resources