Authentication
This section has content in regards of authentication of VBO against the Microsoft 365 infrastructure.
Method
Use Modern App-only Authentication as it’s the way-forward for authentication from now onwards. This gives you the best performance, most security and is future proof.
Microsoft announced to disable Basic Authentication beginning from October 1, 2022 for both Exchange and SharePoint.
Least Privilege Approach
To improve security use the least privilege approach and only assign the permissions which are required for the task at hand.
When using the wizard to add a new organization and create the Azure AD application from within the wizard, this application will have all possible permissions VB365 might need. However, you might only need a portion of it, because you are only backing up Exchange, or you want to separate the restore permissions to another application.
On the Veeam Help Center Required Azure AD Permissions you can find a detailed list of permissions and what they are used for. With this information you can build a least privilege model and only assign the required permissions to the Azure AD applications.