Greetings friends, I have told you many times all the advantages that Veeam Backup for Microsoft Office 365 has, also remember that it allows you to protect 10 users, with 1TB of SharePoint, free and forever, I leave you some of the previous entries:
- Looking for the Perfect Dashboard: InfluxDB, Telegraf, and Grafana: Part XIII – Veeam Backup for Microsoft Office 365 v4
- Veeam: Six outstanding new functionalities in Veeam Backup for Microsoft Office 365 v4 -Beta
- Veeam: Deep Overview of What’s New in the RESTful API of Veeam Backup for Microsoft Office 365 v4 – Beta
- Grafana: Using Microsoft Office 365 for our email notifications
Today we will see a topic that many people ask me, how can we create additional administrators that have access to the console.
Diagram of Administrators accessing Veeam Backup for Microsoft Office 365 Server
Create additional administrators, grant permissions, and restrict remote access
When we are talking about additional administrators for Veeam Backup for Microsoft Office 365, we are talking about Local Admins. Since for now, Veeam has no other way to restrict these privileges. I leave you with a simple PowerShell so you can create your users and put them into the Local Admins group:
$Password = Read-Host -AsSecureString
New-LocalUser "MIADMIN2" -Password $Password -FullName "ADMIN2" -Description "ADMIN 2 for VBO
Add-LocalGroupMember -Group Administrators -Member MIADMIN2
This will allow us to create a password, which is assigned to the user we want to create, and we put that user in the group of Administrators, so far so good. But what if we don’t want these VBO Administrators to be able to connect via Remote Desktop, or access the VMware Console, for example, we will have to edit the default GPO and add these users to these two policies, I leave you with an example.
In Computer Configuration – Windows Settings – Security Settings – Local Policies – User Rights Assignment:So if this administrator, or administrators, want to connect by Remote Desktop, or by console, they will see the following:Surely there are more policies that we can include apart from these two, if you know them all, please leave a comment. At least we can limit a little with these steps.
Another very simple option is to have all the ports closed, except for those necessary for the correct functioning of Veeam Backup for Microsoft Office 365, for example, port 9191 from the outside to the server is to be used to open the Console.
Necessary components in each Administrator
Each Administrator will need a series of components to remotely access Veeam Backup for Microsoft Office 365 Server, it is really very simple and we can find the installation package on the Veeam website:Once we download the package to each desktop of one of these administrators, we will run the installer that says Veeam Backup 365:
If we go to the start menu and look for “Veeam Backup” we will find our Veeam Backup for Microsoft Office 365 console.
Access the Console with our different Administrators
Well, that’s it, once we open the console, we access it with our new administrators:And we will be able to see all our jobs, create more, delete them, see statistics, generate reports, etc.In case we would also like to launch restorations of Exchange, SharePoint, OneDrive, or Teams, we will have to install the Explorers on each Administrator’s computer:
How to Monitor and get visibility of each Administrator’s recovery tasks
Of course, Veeam Backup for Microsoft Office 365, stores all the information of what each Administrator does with the product, in a format of security logs, which can be checked very easily within History – Restore, for example:If you want something more elegant and automated, I have already left you a Grafana Dashboard that works great for this type of visualization:
- Looking for Perfect Dashboard: InfluxDB, Telegraf, and Grafana: Part XVI – Performance and Advanced Security of Veeam Backup for Microsoft Office 365
That’s all folks, I hope you like it, and you can use this post.