• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
The Blog of Jorge de la Cruz

The Blog of Jorge de la Cruz

Everything about VMware, Veeam, InfluxData, Grafana, Zimbra, etc.

  • Home
  • VMWARE
  • VEEAM
    • Veeam Content Recap 2021
    • Veeam v11a
      • Veeam Backup and Replication v11a
    • Veeam Backup for AWS
      • Veeam Backup for AWS v4
    • Veeam Backup for Azure
      • Veeam Backup for Azure v3
    • VeeamON 2021
      • Veeam Announces Support for Red Hat Enterprise Virtualization (RHEV/KVM)
      • Veeam announces enhancements for new versions of Veeam Backup for AWS v4/Azure v3/GVP v2
      • VBO v6 – Self-Service Portal and Native Integration with Azure Archive and AWS S3 Glacier
  • Grafana
    • Part I (Installing InfluxDB, Telegraf and Grafana on Ubuntu 20.04 LTS)
    • Part VIII (Monitoring Veeam using Veeam Enterprise Manager)
    • Part XII (Native Telegraf Plugin for vSphere)
    • Part XIII – Veeam Backup for Microsoft Office 365 v4
    • Part XIV – Veeam Availability Console
    • Part XV – IPMI Monitoring of our ESXi Hosts
    • Part XVI – Performance and Advanced Security of Veeam Backup for Microsoft Office 365
    • Part XVII – Showing Dashboards on Two Monitors Using Raspberry Pi 4
    • Part XIX (Monitoring Veeam with Enterprise Manager) Shell Script
    • Part XXII (Monitoring Cloudflare, include beautiful Maps)
    • Part XXIII (Monitoring WordPress with Jetpack RESTful API)
    • Part XXIV (Monitoring Veeam Backup for Microsoft Azure)
    • Part XXV (Monitoring Power Consumption)
    • Part XXVI (Monitoring Veeam Backup for Nutanix)
    • Part XXVII (Monitoring ReFS and XFS (block-cloning and reflink)
    • Part XXVIII (Monitoring HPE StoreOnce)
    • Part XXIX (Monitoring Pi-hole)
    • Part XXXI (Monitoring Unifi Protect)
    • Part XXXII (Monitoring Veeam ONE – experimental)
    • Part XXXIII (Monitoring NetApp ONTAP)
    • Part XXXIV (Monitoring Runecast)
  • Nutanix
  • ZIMBRA
  • PRTG
  • LINUX
  • MICROSOFT

Veeam: Veeam Backup for Microsoft 365 – Security Notifications for Restore operations (Modern Auth – Automated)

5th August 2023 - Written in: veeam

Greetings friends, the other day I demonstrated how we could configure the OAuth for the Veeam Backup for Microsoft 365 AuditEmailSettings. The manual process I must admit it can lead to so many mistakes taking some tokens, or querying some endpoints, it is very complex.

That is why I’ve created a simpled PowerShell script that will make your life much easier to configure OAuth on Audit operations for Veeam Backup for Microsoft 365. Let’s take a look at the steps once again, this time using the script.

Audit Diagram in Veeam Backup for Microsoft 365

Before we start with the subject, I think a diagram about how all these works can help us better understand what we are going to do, and activate:

Script time, zero swagger or complexity

Download the script I’ve prepared fro you from the VeeamHub, remember that you can always edit and contribute here, we are always looking forward to improve or add new stuff here:

  • https://raw.githubusercontent.com/VeeamHub/powershell/master/VB365-AuditRestoreOperations/vb365-AuditEmailSettings-OAuth.ps1

Once you have the script on your computer, you will need to edit somevariables, they are very self-explanatory:

# Variables to login on Veeam Backup for Microsoft 365
$veeamUsername = "YOURVB365USERNAME"
$veeamPassword = "YOURVB365PASSWORD"
$veeamRestServer = "https://YOURVB365IPORHOSTNAME"
$veeamAPIversion = "v7"
$veeamRestPort = "4443" #Default Port

# Variables to login and Auth in GoogleMail, or Microsoft 365
$ServerType = "Microsoft365"
$redirectUrl = "http://localhost"

# Variables to login and Auth in GoogleMail, or Microsoft 365
$mailFrom = "YOURMAILFROM"
$mailTo = "YOURMAILTOBETTERTOBEADL"
$subject = "VBO Audit - %StartTime% — %OrganizationName% - %DisplayName% - %Action% - %InitiatedByUserName%"

Once you have all of those variables filled, it is time to open PowerShell with administrator rights, and run it:

During the process, it will ask for user/pass, and maybe MFA in case you have it enabled, authorize yourself normally:

It will redirect us to a localhost tab in our browser, but we can omit that and close it later, let’s get back to the PowerShell to see what it does:

It seems all went good, we can check our Inbox to see if we receive the Test Email:

And that’s it, we finished the AuditEmailSettings part within seconds. Now, we need the second part, that as of today you need swagger. Will automate this perhaps later.

Whole process in video

Adding here the video of what you should see if you follow all the steps:

Recommended – All Automated!

Please come here to find everything automated:

  • https://community.veeam.com/blogs-and-podcasts-57/scripts-veeam-backup-for-microsoft-365-audit-email-audit-users-5351

You will find there two scripts to make your life easier with this.

How to Enable Auditing of protected items with Veeam Backup for Microsoft 365

We have all the help and official information in the following link, but it is really very simple, if we look at the diagram above, we will see that to receive notifications, we must first select the items we want to audit. We have two types that we can audit, the Users (Exchange Mailboxes, Shared Mailboxes, OneDrive for Business, etc.), and the Groups (SharePoint and Teams).

To start making a deeper visualization of what happens of one or the other, we have to know the ID, and the name of what we want to audit, we will see the example with a User, we will have to go first to Organizations, since we need to know our Organization ID, from our swagger – https://YOURVB365:4443 and you do the Auth at the end of the page to obtain the token, then on the top to login, then you go to Organizations, expand the GET, and click on Try it out, you will see something similar to this:

Now that we know our Organization ID, we will go to OrganizationUser and expand the GET, where we ask for the Organization ID, once we paste it we give Try it out!

This will give us back all the users, in my case in which I want to enable the audit is Jorge de la Cruz, so the relevant data are the following: ID, displayName, and name

We are almost there! We will finally go to OrganizationAudit, and in the AuditItems POST, we will introduce our Organization ID, and the following code with the user, or users, or groups. It is a .json, so at once we can add as many components as we want:

[
 {
  "type": "user",
  "user": {
    "id": "jorgedelacruz.onmicrosoft.com:00000000-0000-0000-0000-000000000000:00000000-0000-0000-0000-000000000000:291b10fd-bb83-4e51-9365-302f403234a8:00000000-0000-0000-0000-000000000000",
    "displayName": "Jorge de la Cruz",
    "name": "[email protected]",
    }
 }
]

The result would have to be something like this, we will hit the Try it out button as always, we will have to receive a 200 to know that everything has gone well:

If we wanted to check that everything has been added in a satisfactory way, very quickly we go to the GET of AutidItems, and check what we have:

We see that everything has gone well and we have our users, this would help us to check which users and groups we are auditing.

We already have everything ready. What is left for us? Open the Veeam Explorers and start playing.

A Real-Life Example of Audit being sent in Real-Time

As I say, no matter if we open the Explorer from the server, or from a Tenant, or from another PC, any element that we open, restore, or export, the relevant security email will be sent so that everything is audited, for example:

I have opened an Exchange Explorer, and in a user where the audit is enabled I have View an email to browse it:

I immediately received this message on my security account where I am auditing who does what and when:

Now I have decided to export an email to my computer as .msg:

I have immediately received this message in my security account where I am auditing who does what and when, and in this case where I have exported the item:

I leave you another example, this time of restoration of OneDrive for Business:

This is very, very powerful, and will surely give us a lot of play in the near future. I hope you find it useful, thank you very much for reading.

Filed Under: veeam Tagged With: veeam, veeam audit, veeam microsoft 365 audit, veeam microsoft 365 security, veeam self service

Reader Interactions

Comments

  1. Andro says

    21st September 2023 at 1:03 am

    Great infos Jorge!!!
    Maybe have you also a script how to remove auditing from protected items?

    Thaks

  2. jorgeuk says

    21st September 2023 at 10:00 am

    Hello,
    Not at the moment, I can probably write something but busy currently with other projects, so you will need to wait a bit.

    Cheers

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

  • E-mail
  • GitHub
  • LinkedIn
  • RSS
  • Twitter
  • YouTube

Posts Calendar

August 2023
M T W T F S S
 123456
78910111213
14151617181920
21222324252627
28293031  
« Jul   Dec »

Disclaimer

All opinions expressed on this site are my own and do not represent the opinions of any company I have worked with, am working with, or will be working with.

Copyright © 2025 · The Blog of Jorge de la Cruz