Authentication
Veeam Backup for Microsoft 365 authenticates using Modern App-only Authentication against the Microsoft 365 infrastructure. This gives you the best performance, the most security, and is future-proof.
Least Privilege Approach
To improve security use the least privilege approach and only assign the permissions which are required for the task at hand.
When using the wizard to add a new organization and create the Entra ID application from within the wizard, this application will have all possible permissions VB365 might need. However, you might only need a portion of it, because you are only backing up Exchange, or you want to separate the restore permissions to another application.
On the Veeam Help Center Required Entra ID Permissions you can find a detailed list of permissions and what they are used for. With this information you can build a least privilege model and only assign the required permissions to the Entra ID applications.