BackupRestore-Configuration.Read.All

Allows the app to read the backup configuration, and list of Microsoft 365 service resources to be backed-up, on behalf of the signed in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the BackupRestore-Configuration.Read.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	5fbb5982-3230-4882-93c0-2167523ce0c2	444ed4b6-0554-4dc6-8e9c-3f9a34ee3ff6
DisplayText	Read all backup configuration policies	Read backup configuration policies
Description	Allows the app to read all backup configurations, and lists of Microsoft 365 service resources to be backed-up, without a signed-in user.	Allows the app to read the backup configuration, and list of Microsoft 365 service resources to be backed-up, on behalf of the signed in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxInclusionRules
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxInclusionRules/{mailboxProtectionRuleId}
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxProtectionUnits/
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxProtectionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/exchangeProtectionPolicies/{mailboxProtectionPolicyId}/mailboxProtectionUnitsBulkAdditionJobs/{mailboxProtectionUnitsBulkAdditionJobId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{driveProtectionPolicyId}/driveProtectionUnitsBulkAdditionJobs/{driveProtectionUnitsBulkAdditionJobId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveInclusionRules
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveInclusionRules/{driveProtectionRuleId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveProtectionUnits
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveProtectionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/protectionPolicies
	GET /solutions/backupRestore/protectionPolicies/{protectionPolicyBaseId}
	GET /solutions/backupRestore/protectionUnits/{protectionUnitBaseId}
	GET /solutions/backupRestore/protectionUnits/microsoft.graph.driveProtectionUnit
	GET /solutions/backupRestore/protectionUnits/microsoft.graph.mailboxProtectionUnit
	GET /solutions/backupRestore/protectionUnits/microsoft.graph.siteProtectionUnit
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteInclusionRules
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteInclusionRules/{siteProtectionRuleId}
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnits
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnitsBulkAdditionJobs
	POST /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxProtectionUnitsBulkAdditionJobs
	POST /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveProtectionUnitsBulkAdditionJobs
	POST /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnitsBulkAdditionJobs

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxExclusionUnits
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxExclusionUnits/{mailboxExclusionUnitId}
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxExclusionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxExclusionUnitsBulkAdditionJobs/{mailboxExclusionUnitsBulkAdditionJobId}
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxInclusionRules
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxInclusionRules/{mailboxProtectionRuleId}
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxProtectionUnits/
	GET /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxProtectionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/exchangeProtectionPolicies/{mailboxProtectionPolicyId}/mailboxProtectionUnitsBulkAdditionJobs/{mailboxProtectionUnitsBulkAdditionJobId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{driveProtectionPolicyId}/driveProtectionUnitsBulkAdditionJobs/{driveProtectionUnitsBulkAdditionJobId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveExclusionUnits
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveExclusionUnits/{driveExclusionUnitId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveExclusionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveExclusionUnitsBulkAdditionJobs/{driveExclusionUnitsBulkAdditionJobId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveInclusionRules
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveInclusionRules/{driveProtectionRuleId}
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveProtectionUnits
	GET /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveProtectionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/protectionPolicies
	GET /solutions/backupRestore/protectionPolicies/{protectionPolicyBaseId}
	GET /solutions/backupRestore/protectionUnits/{protectionUnitBaseId}
	GET /solutions/backupRestore/protectionUnits/microsoft.graph.driveProtectionUnit
	GET /solutions/backupRestore/protectionUnits/microsoft.graph.mailboxProtectionUnit
	GET /solutions/backupRestore/protectionUnits/microsoft.graph.siteProtectionUnit
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteExclusionUnits
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteExclusionUnits/{siteExclusionUnitId}
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteExclusionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteExclusionUnitsBulkAdditionJobs/{siteExclusionUnitsBulkAdditionJobId}
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteInclusionRules
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteInclusionRules/{siteProtectionRuleId}
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnits
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnitsBulkAdditionJobs
	GET /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnitsBulkAdditionJobs/{siteProtectionUnitsBulkAdditionJobId}
	POST /solutions/backupRestore/exchangeProtectionPolicies/{exchangeProtectionPolicyId}/mailboxProtectionUnitsBulkAdditionJobs
	POST /solutions/backupRestore/oneDriveForBusinessProtectionPolicies/{oneDriveForBusinessProtectionPolicyId}/driveProtectionUnitsBulkAdditionJobs
	POST /solutions/backupRestore/sharePointProtectionPolicies/{sharePointProtectionPolicyId}/siteProtectionUnitsBulkAdditionJobs

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Connect-MgGraph
	Get-MgSolutionBackupRestoreExchangeProtectionPolicyMailboxInclusionRule
	Get-MgSolutionBackupRestoreExchangeProtectionPolicyMailboxProtectionUnitBulkAdditionJob
	Get-MgSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveInclusionRule
	Get-MgSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveProtectionUnit
	Get-MgSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveProtectionUnitBulkAdditionJob
	Get-MgSolutionBackupRestoreProtectionPolicy
	Get-MgSolutionBackupRestoreProtectionUnit
	Get-MgSolutionBackupRestoreProtectionUnitAsMailboxProtectionUnit
	Get-MgSolutionBackupRestoreSharePointProtectionPolicySiteInclusionRule
	Get-MgSolutionBackupRestoreSharePointProtectionPolicySiteProtectionUnit
	Get-MgSolutionBackupRestoreSharePointProtectionPolicySiteProtectionUnitBulkAdditionJob

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaSolutionBackupRestoreExchangeProtectionPolicyMailboxExclusionUnit
	Get-MgBetaSolutionBackupRestoreExchangeProtectionPolicyMailboxExclusionUnitBulkAdditionJob
	Get-MgBetaSolutionBackupRestoreExchangeProtectionPolicyMailboxInclusionRule
	Get-MgBetaSolutionBackupRestoreExchangeProtectionPolicyMailboxProtectionUnitBulkAdditionJob
	Get-MgBetaSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveExclusionUnit
	Get-MgBetaSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveExclusionUnitBulkAdditionJob
	Get-MgBetaSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveInclusionRule
	Get-MgBetaSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveProtectionUnit
	Get-MgBetaSolutionBackupRestoreOneDriveForBusinessProtectionPolicyDriveProtectionUnitBulkAdditionJob
	Get-MgBetaSolutionBackupRestoreProtectionPolicy
	Get-MgBetaSolutionBackupRestoreProtectionUnit
	Get-MgBetaSolutionBackupRestoreProtectionUnitAsMailboxProtectionUnit
	Get-MgBetaSolutionBackupRestoreSharePointProtectionPolicySiteExclusionUnit
	Get-MgBetaSolutionBackupRestoreSharePointProtectionPolicySiteExclusionUnitBulkAdditionJob
	Get-MgBetaSolutionBackupRestoreSharePointProtectionPolicySiteInclusionRule
	Get-MgBetaSolutionBackupRestoreSharePointProtectionPolicySiteProtectionUnit
	Get-MgBetaSolutionBackupRestoreSharePointProtectionPolicySiteProtectionUnitBulkAdditionJob

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: driveExclusionUnit

Property	Type	Description
createdBy	identitySet	The identity of the person who created the exclusion unit. Inherited from exclusionUnitBase.
createdDateTime	DateTimeOffset	The date and time when the exclusion unit was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from exclusionUnitBase.
directoryObjectId	String	The unique identifier of the directory object (user) associated with the drive.
displayName	String	The display name of the user associated with the drive.
email	String	The email address of the user associated with the drive.
error	publicError	Contains error details if the exclusion unit is in a failed state. Inherited from exclusionUnitBase.
id	String	The unique identifier of the exclusion unit. Inherited from exclusionUnitBase.
lastModifiedBy	identitySet	The identity of the person who last modified the exclusion unit. Inherited from exclusionUnitBase.
lastModifiedDateTime	DateTimeOffset	The date and time when the exclusion unit was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from exclusionUnitBase.
policyId	String	The unique identifier of the protection policy that contains this exclusion unit. Inherited from exclusionUnitBase.

Graph reference: driveExclusionUnitsBulkAdditionJob

Property	Type	Description
createdBy	identitySet	The identity of the person who created the bulk addition job. Inherited from exclusionUnitBulkAdditionJob.
createdDateTime	DateTimeOffset	The date and time when the bulk addition job was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from exclusionUnitBulkAdditionJob.
displayName	String	The display name of the bulk addition job. Inherited from exclusionUnitBulkAdditionJob.
drives	String collection	The email addresses or user principal names of the users whose OneDrive drives are to be added as exclusion units to the protection policy.
error	publicError	Contains error details if the bulk addition job failed. Inherited from exclusionUnitBulkAdditionJob.
id	String	The unique identifier of the bulk addition job. Inherited from exclusionUnitBulkAdditionJob.
lastModifiedBy	identitySet	The identity of the person who last modified the bulk addition job. Inherited from exclusionUnitBulkAdditionJob.
lastModifiedDateTime	DateTimeOffset	The date and time when the bulk addition job was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from exclusionUnitBulkAdditionJob.
status	exclusionUnitBulkJobStatus	The status of the bulk addition job. The possible values are: `created`, `active`, `completed`, `completedWithErrors`, `unknownFutureValue`. Inherited from exclusionUnitBulkAdditionJob.

Graph reference: driveProtectionRule

Property	Type	Description
id	String	The unique identifier of the protection rule associated with the policy.
createdBy	identitySet entitySet	The identity of the person who created the rule.
createdDateTime	DateTimeOffset	The date and time that the rule was created.
driveExpression	String	Contains a drive expression. For examples, see driveExpression examples.
error	publicError	If the operation fails, contain the details of the error.
isAutoApplyEnabled	Boolean	`true` indicates that the protection rule is dynamic; `false` that it's static. Static rules run one time while dynamic rules listen to all changes in the system and update the protection unit list. Currently, only static rules are supported.
lastModifiedBy	identitySet	Identity of the person who last modified this rule.
lastModifiedDateTime	DateTimeOffset	The timestamp of the last modification to this rule.
status	protectionRuleStatus	The status of the protection rule. The possible values are: `draft`, `active`, `completed`, `completedWithErrors`, `unknownFutureValue`, `updateRequested`, `deleteRequested`. Use the `Prefer: include-unknown-enum-members` request header to get the following values in this evolvable enum: `updateRequested` , `deleteRequested`. The `draft` member is currently unsupported. Inherited from protectionRuleBase.

Graph reference: driveProtectionUnit

Property	Type	Description
createdBy	identitySet	The identity of the person who created the protection unit. Inherited from protectionUnitBase.
createdDateTime	DateTimeOffset	The time of creation of the protection unit. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from protectionUnitBase.
directoryObjectId	String	ID of the directory object.
displayName	String	Display name of the directory object.
email	String	Email associated with the directory object.
error	publicError	Details of the error if the enablement/disablement of the protection unit fails. Inherited from protectionUnitBase.
id	String	Unique identifier of the protection policy associated with this protection unit.
lastModifiedBy	identitySet	The identity of person who last modified the protection unit. Inherited from protectionUnitBase.
lastModifiedDateTime	DateTimeOffset	The time of last modification of the protection unit. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from protectionUnitBase.
offboardRequestedDateTime	DateTimeOffset	The date and time when protection unit offboard was requested. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from protectionUnitBase.
policyId	String	Unique identifier of the protection policy associated with this protection unit. Inherited from protectionUnitBase.
protectionSources	protectionSource	Indicates the sources by which a protection unit is currently protected. A protection unit protected by multiple sources is indicated by comma-separated values. The possible values are: `none`, `manual`, `dynamicRule`, `unknownFutureValue`. Inherited from protectionUnitBase.
status	protectionUnitStatus	The individual enablement/disablement/removal status of the protection unit. The possible values are: `protectRequested`, `protected`, `unprotectRequested`, `unprotected`, `removeRequested`, `unknownFutureValue`, `offboardRequested`, `offboarded`, `cancelOffboardRequested`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this evolvable enum: `offboardRequested`, `offboarded`, `cancelOffboardRequested`. Inherited from protectionUnitBase.

Graph reference: driveProtectionUnitsBulkAdditionJob

Property	Type	Description
createdBy	identitySet	The identity of the person who created the job.
createdDateTime	DateTimeOffset	The date and time that the job was created.
directoryObjectIds	String collection	The list of OneDrive directoryObjectIds to add to the OneDrive protection policy.
displayName	String	The name of the job.
drives	String collection	The list of email addresses to add to the OneDrive protection policy.
error	publicError	Contains error details if any email address resolution fails.
id	String	The unique identifier of the job associated with the OneDrive protection policy.
lastModifiedBy	identitySet	Identity of the person who last modified the job.
lastModifiedDateTime	DateTimeOffset	Timestamp of the last modification to the job.
status	protectionUnitsBulkJobStatus	Status of the job. The possible values are: `unknown`, `active`, `completed`, `completedWithErrors`, and `unknownFutureValue`.

Graph reference: exchangeProtectionPolicy

Property	Type	Description
id	String	The unique identifier of the protection rule associated to the policy.
displayName	String	Name of the policy to be created.
createdDateTime	DateTimeOffset	The time of creation of the policy.
createdBy	identitySet	The identity of person who created the policy.
lastModifiedBy	identitySet	The identity of the person who last modified the policy.
lastModifiedDateTime	DateTimeOffset	The timestamp of the last modification of the policy.
status	protectionPolicyStatus	Status of the policy. This value is an aggregated status of the protection units. The possible values are: `inactive`, `activeWithErrors`, `updating`, `active`, `unknownFutureValue`.

Graph reference: mailboxExclusionUnit

Property	Type	Description
createdBy	identitySet	The identity of the person who created the exclusion unit. Inherited from exclusionUnitBase.
createdDateTime	DateTimeOffset	The date and time when the exclusion unit was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from exclusionUnitBase.
directoryObjectId	String	The unique identifier of the directory object (user) associated with the mailbox.
displayName	String	The display name of the mailbox.
email	String	The email address of the mailbox.
error	publicError	Contains error details if the exclusion unit is in a failed state. Inherited from exclusionUnitBase.
id	String	The unique identifier of the exclusion unit. Inherited from exclusionUnitBase.
lastModifiedBy	identitySet	The identity of the person who last modified the exclusion unit. Inherited from exclusionUnitBase.
lastModifiedDateTime	DateTimeOffset	The date and time when the exclusion unit was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from exclusionUnitBase.
policyId	String	The unique identifier of the protection policy that contains this exclusion unit. Inherited from exclusionUnitBase.

Graph reference: mailboxExclusionUnitsBulkAdditionJob

Property	Type	Description
createdBy	identitySet	The identity of the person who created the bulk addition job. Inherited from exclusionUnitBulkAdditionJob.
createdDateTime	DateTimeOffset	The date and time when the bulk addition job was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from exclusionUnitBulkAdditionJob.
displayName	String	The display name of the bulk addition job. Inherited from exclusionUnitBulkAdditionJob.
error	publicError	Contains error details if the bulk addition job failed. Inherited from exclusionUnitBulkAdditionJob.
id	String	The unique identifier of the bulk addition job. Inherited from exclusionUnitBulkAdditionJob.
lastModifiedBy	identitySet	The identity of the person who last modified the bulk addition job. Inherited from exclusionUnitBulkAdditionJob.
lastModifiedDateTime	DateTimeOffset	The date and time when the bulk addition job was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from exclusionUnitBulkAdditionJob.
mailboxes	String collection	The email addresses of the mailboxes to be added as exclusion units to the protection policy.
status	exclusionUnitBulkJobStatus	The status of the bulk addition job. The possible values are: `created`, `active`, `completed`, `completedWithErrors`, `unknownFutureValue`. Inherited from exclusionUnitBulkAdditionJob.

Graph reference: mailboxProtectionRule

Property	Type	Description
id	String	The unique identifier of the protection rule associated with the policy.
createdBy	identitySet	The identity of the person who created the rule.
createdDateTime	DateTimeOffset	The date and time that the rule was created.
error	publicError	Contains error details if an operation on a rule expression fails.
isAutoApplyEnabled	Boolean	`true` indicates that the protection rule is dynamic; `false` that it's static. Static rules run one time while dynamic rules listen to all changes in the system and update the protection unit list. Currently, only static rules are supported.
lastModifiedBy	identitySet	Identity of the person who last modified this rule.
lastModifiedDateTime	DateTimeOffset	Timestamp of last modification to the rule.
mailboxExpression	String	Contains a mailbox expression. For examples, see mailboxExpression examples.
status	protectionRuleStatus	The status of the protection rule. The possible values are: `draft`, `active`, `completed`, `completedWithErrors`, `unknownFutureValue`, `updateRequested`, `deleteRequested`. Use the `Prefer: include-unknown-enum-members` request header to get the following values in this evolvable enum: `updateRequested` , `deleteRequested`. The `draft` member is currently unsupported. Inherited from protectionRuleBase.

Graph reference: mailboxProtectionUnit

Property	Type	Description
createdBy	identitySet	The identity of the person who created the protection unit. Inherited from protectionUnitBase.
createdDateTime	DateTimeOffset	The time of creation of the protection unit. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from protectionUnitBase.
directoryObjectId	String	The ID of the directory object.
displayName	String	Display name of the directory object.
email	String	Email address associated with the directory object.
error	publicError	Contains error details if enabling or disabling the protection unit fails. Inherited from protectionUnitBase.
id	String	Unique identifier of the protection policy associated with this protection unit.
lastModifiedBy	identitySet	The identity of person who last modified the protection unit. Inherited from protectionUnitBase.
lastModifiedDateTime	DateTimeOffset	The time the protection unit was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from protectionUnitBase.
offboardRequestedDateTime	DateTimeOffset	The date and time when protection unit offboard was requested. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from protectionUnitBase.
policyId	String	Unique identifier of the protection policy associated with this protection unit. Inherited from protectionUnitBase.
protectionSources	protectionSource	Indicates the sources by which a protection unit is currently protected. A protection unit protected by multiple sources is indicated by comma-separated values. The possible values are: `none`, `manual`, `dynamicRule`, `unknownFutureValue`. Inherited from protectionUnitBase.
status	protectionUnitStatus	The individual enablement/disablement/removal status of the protection unit. The possible values are: `protectRequested`, `protected`, `unprotectRequested`, `unprotected`, `removeRequested`, `unknownFutureValue`, `offboardRequested`, `offboarded`, `cancelOffboardRequested`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this evolvable enum: `offboardRequested`, `offboarded`, `cancelOffboardRequested`. Inherited from protectionUnitBase.

Graph reference: mailboxProtectionUnitsBulkAdditionJob

Property	Type	Description
createdBy	identitySet	The identity of the person who created the job.
createdDateTime	DateTimeOffset	The date and time that the job was created.
directoryObjectIds	String collection	The list of Exchange directoryObjectIds to add to the Exchange protection policy.
displayName	String	The name of the job.
error	publicError	Contains error details if any email address resolution fails.
id	String	The unique identifier of the job associated with the Exchange protection policy.
lastModifiedBy	identitySet	Identity of the person who last modified the job.
lastModifiedDateTime	DateTimeOffset	Timestamp of the last modification to the job.
mailboxes	String collection	The list of Exchange email addresses to add to the Exchange protection policy.
status	protectionUnitsBulkJobStatus	Status of the job. The possible values are: `unknown`, `active`, `completed`, `completedWithErrors`, and `unknownFutureValue`.

Graph reference: oneDriveForBusinessProtectionPolicy

Property	Type	Description
id	String	The unique identifier of the protection rule associated with the policy.
displayName	String	The name of the policy to be created.
createdDateTime	DateTimeOffset	The time of creation of the policy.
createdBy	identitySet	The identity of person who created the policy.
lastModifiedBy	identitySet	The identity of the person who last modified the policy.
lastModifiedDateTime	DateTimeOffset	The timestamp of the last modification of the policy.
status	protectionPolicyStatus	Status of the policy. The value is the aggregated status of the protection units. The possible values are: `inactive`, `activeWithErrors`, `updating`, `active`, `unknownFutureValue`.

Graph reference: protectionPolicyBase

Property	Type	Description
id	String	The unique identifier of the protection rule associated with the policy.
displayName	String	The name of the policy to be created.
createdDateTime	DateTimeOffset	The time of creation of the policy.
createdBy	identitySet	The identity of person who created the policy.
lastModifiedBy	identitySet	The identity of the person who last modified the policy.
lastModifiedDateTime	DateTimeOffset	The timestamp of the last modification of the policy.
retentionSettings	retentionSetting collection	Contains the retention setting details for the policy.
status	protectionPolicyStatus	The aggregated status of the protection units associated with the policy. The possible values are: `inactive`, `activeWithErrors`, `updating`, `active`, `unknownFutureValue`.

Graph reference: protectionRuleBase

Property	Type	Description
createdBy	identitySet	The identity of person who created the rule.
createdDateTime	DateTimeOffset	The time of creation of the rule.
error	publicError	Contains error details if an operation on a rule fails.
id	String	The unique identifier of the protection rule associated with the policy.
isAutoApplyEnabled	Boolean	`true` indicates that the protection rule is dynamic; `false` that it's static.
lastModifiedBy	identitySet	The identity of the person who last modified the rule.
lastModifiedDateTime	DateTimeOffset	Timestamp of the last modification made to the rule.
status	protectionRuleStatus	The status of the protection rule. The possible values are: `draft`, `active`, `completed`, `completedWithErrors`, `unknownFutureValue`, `updateRequested`, `deleteRequested`. Use the `Prefer: include-unknown-enum-members` request header to get the following values in this evolvable enum: `updateRequested` , `deleteRequested`. The `draft` member is currently unsupported.

Graph reference: protectionUnitBase

Property	Type	Description
createdBy	identitySet	The identity of the person who created the protection unit.
createdDateTime	DateTimeOffset	The time of creation of the protection unit. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
error	publicError	Contains error details if an error occurred while creating a protection unit.
id	String	The unique identifier of the protection unit. Inherited from entity.
lastModifiedBy	identitySet	The identity of person who last modified the protection unit.
lastModifiedDateTime	DateTimeOffset	Timestamp of the last modification of this protection unit. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
offboardRequestedDateTime	DateTimeOffset	The date and time when protection unit offboard was requested. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
policyId	String	The unique identifier of the protection policy based on which protection unit was created.
protectionSources	protectionSource	Indicates the sources by which a protection unit is currently protected. A protection unit protected by multiple sources is indicated by comma-separated values. The possible values are: `none`, `manual`, `dynamicRule`, `unknownFutureValue`.
status	protectionUnitStatus	The status of the protection unit. The possible values are: `protectRequested`, `protected`, `unprotectRequested`, `unprotected`, `removeRequested`, `unknownFutureValue`, `offboardRequested`, `offboarded`, `cancelOffboardRequested`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this evolvable enum: `offboardRequested`, `offboarded`, `cancelOffboardRequested`.

Graph reference: sharePointProtectionPolicy

Property	Type	Description
id	String	The unique identifier of the protection rule associated to the policy.
displayName	String	The name of the policy being created.
createdDateTime	DateTimeOffset	The time of creation of the policy.
createdBy	identitySet	The identity of person who created the policy.
lastModifiedBy	identitySet	The identity of person who modified the policy.
lastModifiedDateTime	DateTimeOffset	The timestamp of the last modification of the policy.
retentionSettings	retentionSetting collection	Retention settings for the policy.
status	protectionPolicyStatus	The status of the policy. The value is an aggregated status of the protection units. The possible values are: `inactive`, `activeWithErrors`, `updating`, `active`, `unknownFutureValue`.

Graph reference: siteExclusionUnit

Property	Type	Description
createdBy	identitySet	The identity of the person who created the exclusion unit. Inherited from exclusionUnitBase.
createdDateTime	DateTimeOffset	The date and time when the exclusion unit was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from exclusionUnitBase.
error	publicError	Contains error details if the exclusion unit is in a failed state. Inherited from exclusionUnitBase.
id	String	The unique identifier of the exclusion unit. Inherited from exclusionUnitBase.
lastModifiedBy	identitySet	The identity of the person who last modified the exclusion unit. Inherited from exclusionUnitBase.
lastModifiedDateTime	DateTimeOffset	The date and time when the exclusion unit was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from exclusionUnitBase.
policyId	String	The unique identifier of the protection policy that contains this exclusion unit. Inherited from exclusionUnitBase.
siteId	String	The unique identifier of the SharePoint site.
siteName	String	The display name of the SharePoint site.
siteWebUrl	String	The URL of the SharePoint site.

Graph reference: siteExclusionUnitsBulkAdditionJob

Property	Type	Description
createdBy	identitySet	The identity of the person who created the bulk addition job. Inherited from exclusionUnitBulkAdditionJob.
createdDateTime	DateTimeOffset	The date and time when the bulk addition job was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from exclusionUnitBulkAdditionJob.
displayName	String	The display name of the bulk addition job. Inherited from exclusionUnitBulkAdditionJob.
error	publicError	Contains error details if the bulk addition job failed. Inherited from exclusionUnitBulkAdditionJob.
id	String	The unique identifier of the bulk addition job. Inherited from exclusionUnitBulkAdditionJob.
lastModifiedBy	identitySet	The identity of the person who last modified the bulk addition job. Inherited from exclusionUnitBulkAdditionJob.
lastModifiedDateTime	DateTimeOffset	The date and time when the bulk addition job was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from exclusionUnitBulkAdditionJob.
siteWebUrls	String collection	The URLs of SharePoint sites to be added as exclusion units to the protection policy.
status	exclusionUnitBulkJobStatus	The status of the bulk addition job. The possible values are: `created`, `active`, `completed`, `completedWithErrors`, `unknownFutureValue`. Inherited from exclusionUnitBulkAdditionJob.

Graph reference: siteProtectionRule

Property	Type	Description
id	String	The unique identifier of the protection rule associated with the policy.
createdBy	identitySet	The identity of the person who created the rule.
createdDateTime	DateTimeOffset	The date and time that the rule was created.
error	publicError	Contains error details if any operation on a rule expression fails.
isAutoApplyEnabled	Boolean	`true` indicates that the protection rule is dynamic; `false` that it's static. Static rules run one time while dynamic rules listen to all changes in the system and update the protection unit list. Currently, only static rules are supported.
lastModifiedBy	identitySet	Identity of the person who last modified the rule.
lastModifiedDateTime	DateTimeOffset	Timestamp of the last modification to the rule.
siteExpression	String	Contains a site expression. For examples, see siteExpression example.
status	protectionRuleStatus	The status of the protection rule. Supports a subset of the values for **p

Graph reference: siteProtectionUnit

Property	Type	Description
createdBy	identitySet	The identity of the person who created the protection unit. Inherited from protectionUnitBase.
createdDateTime	DateTimeOffset	The time of creation of the protection unit. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from protectionUnitBase.
error	publicError	Contains error details if enabling or disabling the protection unit fails. Inherited from protectionUnitBase.
id	String	Unique identifier of the protection policy associated with this protection unit.
lastModifiedBy	identitySet	The identity of the person who last modified the protection unit. Inherited from protectionUnitBase.
lastModifiedDateTime	DateTimeOffset	The time the protection unit was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from protectionUnitBase.
offboardRequestedDateTime	DateTimeOffset	The date and time when protection unit offboard was requested. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from protectionUnitBase.
policyId	String	Unique identifier of the protection policy associated with this protection unit. Inherited from protectionUnitBase.
protectionSources	protectionSource	Indicates the sources by which a protection unit is currently protected. A protection unit protected by multiple sources is indicated by comma-separated values. The possible values are: `none`, `manual`, `dynamicRule`, `unknownFutureValue`. Inherited from protectionUnitBase.
siteId	String	Unique identifier of the SharePoint site.
siteName	String	Name of the SharePoint site.
siteWebUrl	String	The web URL of the SharePoint site.
status	protectionUnitStatus	The individual enablement/disablement/removal status of the protection unit. The possible values are: `protectRequested`, `protected`, `unprotectRequested`, `unprotected`, `removeRequested`, `unknownFutureValue`, `offboardRequested`, `offboarded`, `cancelOffboardRequested`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this evolvable enum: `offboardRequested`, `offboarded`, `cancelOffboardRequested`. Inherited from protectionUnitBase.

Graph reference: siteProtectionUnitsBulkAdditionJob

Property	Type	Description
createdBy	identitySet	The identity of the person who created the job.
createdDateTime	DateTimeOffset	The date and time that the job was created.
displayName	String	The name of the job.
error	publicError	Contains error details if any site-url resolution fails.
id	String	The unique identifier of the job associated with the SharePoint protection policy.
lastModifiedBy	identitySet	Identity of the person who last modified the job.
lastModifiedDateTime	DateTimeOffset	Timestamp of the last modification to the job.
status	protectionUnitsBulkJobStatus	Status of the job. The possible values are: `unknown`, `active`, `completed`, `completedWithErrors`, and `unknownFutureValue`.
siteWebUrls	String collection	The list of SharePoint site URLs to add to the SharePoint protection policy.
siteIds	String collection	The list of SharePoint site IDs to add to the SharePoint protection policy.

Table of Contents

BackupRestore-Configuration.Read.All

Graph Methods

Resources