To back up data from M365 one can pre-create an app within AzureAD and connect via a certificate from VBM. Then no additional login to M365 is necessary:
Keep in mind that you do not need to select this check box if you have granted the required permissions to the specified Azure AD application beforehand and already registered its certificate in Azure Active Directory. If the Grant this application required permissions and register its certificate in Azure AD check box is not selected, Veeam Backup for Microsoft 365 skips the Log in to Microsoft 365 step and proceeds to Finish Working With Wizard.
But once you want to restore back to M365 things change: From within Exchange Explorer, you are prompted to do the device flow login with e.g. an Exchange admin to restore mail objects.
Though while deploying the AzureAD-App an impersonation user was already specified.
Is there a way to pre-define rights to the AzureAD app to circumvent recurring device flow logins?
E.g. using the restore portal from within VBM, it can be done without additional login for each restore.