We received a lot of feedback about the German how-to guide for service providers. We love to see how fast our articles are shared around the globe. It also shows us that this topic should be documented in detail within our best practice guide. We also want to support our world wide community – so here is the English version of our how-to.
You can completely setup the self-service-portal for a single tenant environment with the known Veeam user interface. (https://helpcenter.veeam.com/docs/vbo365/guide/ssp_configuration.html).
But a lot of service-providers offer a full serviced and managed backup for Microsoft 365 (based on Veeam Backup for Microsoft 365) to their customers.
If you want to run a self-service portal for multiple tenants you also need to connect the backup application with the customers organization account.
If you have already configured the self service portal for a single tenant, you have also seen that there is no possibility to configure more than one application with the GUI. Which does not mean that its not possible 😉
We need to prepare some steps before configure and activate the portal for multiple customers.
1. Add the tenant organization to the Veeam Backup for Microsoft 365 console. We also recommend to create the first backup jobs and let them run.
2. Identify the restore portal application ID. You can find it at the “burger menu” (3 lines) -> “General Options”.
3. Please save the application ID in an editor for the next step.
4. To simplify the hole process we are using a prepared powershell script from the VeeamHub:
Before you run the script, you need to add the copied application ID to it at line 3. After that you can run the script and connect the application with the command :
Note: The powershell modules “Azure AD” and “Az.Accounts” will be installed automatically.
5. If everything run successfully you can verify the application at the customers Azure Directory –> Enterprise applications. To see your application please delete the filter “Application type == Enterprise Applications”.
If you sort by “creation-date” you should see the application with the proper name (set by service-provider).
Even if you can see the application, we recommend to wait with first login about 15 minutes after script execution. It need some time to finish all changes (rights, configuration and policies etc.) in the background.
6. After that, the login using the tenant credentials is possible:
I hope our “How-to” saved some time for you.
We are happy to receive any kind of feedback !