Guides

Azure Permissions for VBO Cross-User Mailbox Restores

Microsoft has deprecated the ApplicationImpersonation RBAC role in Exchange Online, which has a direct impact on how cross-mailbox operations are carried out. This change affects third-party tools, such as Veeam Backup for Microsoft 365, that previously relied on this role for mailbox access during restore processes. As of March 13, 2025, the ApplicationImpersonation role has been completely removed from Exchange Online. Any attempts to use this role for restores or cross-mailbox access will now fail.

For organisations using Veeam Backup for Microsoft 365, the new supported approach for mailbox restores is to grant explicit FullAccess permissions on the target mailboxes to the restore account. This requires an updated process involving specific PowerShell commands.

Covenco’s managed services team has prepared a detailed guide to help you navigate these changes. Our expertise ensures a smooth transition, maintaining your ability to perform essential restore operations without disruption.

To understand the full implications and get the step-by-step instructions for the updated process, we encourage you to download our guide, “Azure Permissions for VBO Cross-User Mailbox Restores (Following Microsoft’s Deprecation of ‘ApplicationImpersonation’ role)”.

Download the solution guide here

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.