Microsoft 365 modern authentication for VBR and VBO365 server


Userlevel 7
Badge +7

Good morning community!

I'd like to share with you a configuration I've come across these days: setting up notifications with Microsoft 365 modern authentication for VBR and VBO365 server.

 

DOCUMENTATION

The official links from Veeam Helpcenter are:

 

VEEAM CONSOLE CONFIGURATION

Configuration is quite simple for both: the menu is always in the same tab "email settings" for VBR and "notification" for VBO 365.

 

 

AZURE AD APPLICATION

The biggest difference from accounts with basic authentication is that in order for Veeam to send email on behalf of a Microsoft 365 account, it is necessary to use an Azure AD application registered on the Azure Portal.

You can use an application preinstalled by Veeam, or register a new one.

In my case I followed the second way, and the official links from Veeam Helpcenter and from Microsoft are:

I don't add screens on the registration of the Azure app because the first link is already quite comprehensive in my opinion.

 

AUTHORIZATION

The next step is to take the Directory (tenant) ID and Application (client) ID parameters of the Azure app you created and set them on the "advanced" button of the email settings tab.

The last step is to click on "authorize now" and complete the authentication by entering the credentials of the Microsoft 365 account chosen to send these emails.

 

 

BONUS TIP

What might happen if you did not follow the documentation to the letter (as I did) is that you might receive the error:

Specifically, having configured VBR first, the solution was to add the redirect URI http://localhost:30000/oauth2/forward listed in the error to the Azure as specified in the link https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts50011-redirect-uri-mismatch (https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts50011-redirect-uri-mismatch) .

When I then went to do the configuration for VBO 365, I got the error again, as with good probability this software uses different URLs than VBR.

In the VBO 365 guide, in fact, it is specified to enter http://localhost as a redirect URI.

https://helpcenter.veeam.com/docs/vbo365/guide/register_app_azure.html?ver=70

Once set, this authentication was also successful.

Enjoy! 💚


11 comments

Userlevel 7
Badge +17

Appreciate the share Marco! 

Userlevel 7
Badge +21

Thanks for sharing this one Marco.

Userlevel 7
Badge +10

Super helpful, @marco_s ! These are needed for the new configurations.

Userlevel 7
Badge +10

Thanks for sharing this @marco_s . Very helpful indeed!

Userlevel 7
Badge +8

Thanks for sharing. Great info 

Userlevel 7
Badge +7

Thank you guys, hope can be helpful!

Userlevel 7
Badge +6

Has anyone run into a situation where they had to reauthorize modern auth for SMTP alerting?  I had a client that was complaining that they weren’t getting alerts (they weren’t set as a recipient) but when I was in there noticed that testing was failing and I had to reauthorize the SMTP connection.  Seemed strange to me as it had only been setup a couple of months before.

Userlevel 7
Badge +7

Hi Derek, I’ve noticed that after you enable the modern auth and you return on the menu it asks for the auth again but it still work even if you don’t authorize a second time..I don’t know if it is a bug.. 🤔

Userlevel 7
Badge +6

Hi Derek, I’ve noticed that after you enable the modern auth and you return on the menu it asks for the auth again but it still work even if you don’t authorize a second time..I don’t know if it is a bug.. 🤔

I think in my case, I wasn’t able to send an email until I re-authed it again.  Not sure…it’s been a couple weeks so maybe I should go back and check again, but I think the emails have still been flowing this time.

Our email notifications stopped 1-2 months ago. The “Test Message” is successful, but the email notification is unsuccessful after a backup job. I clicked on “Re-authorize”, I authenticate successfully but then I get forwarded to a very long http://localhost:30000/?code= URL that is not reachable. 

The Enterprise App we were using was the one made available by Veeam so I’m not able to change/review the reply URL, so I followed your article here to register a new App with the reply URL http://localhost, and then I configured the custom application registration settings in VBM365.

I authenticated successfully, but I’m still getting that same “Hmmm… can't reach this page” error with that super long localhost:30000 URL. The Notification settings shows “Token is valid”, and “Test Message” is successful. I successfully received the notification from a backup job. I wonder if anyone else is getting that page. 

I authenticated successfully, but I’m still getting that same “Hmmm… can't reach this page” error with that super long localhost:30000 URL. The Notification settings shows “Token is valid”, and “Test Message” is successful. I successfully received the notification from a backup job. I wonder if anyone else is getting that page. 

 

I created a ticket with Veeam and they said “it seems this may be coming up for other customers of ours so there may be something going on. I can't say if its on the VB365 side or the Microsoft side”. 

Comment