VBO365 - Disable Basic Auth in M365 per Oct. 1, 2022


Userlevel 7
Badge +2

Microsoft has announced, that they are disabling basic auth on October 1st, 2022 for all tenants. It doesn‘t matter if you use it now or not. It gets disabled after October 1st, 2022.

 

From the announcement post:

Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage (with the exception of SMTP Auth, which can still be re-enabled after that).

Source: https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210

 

How is this relevant to our Veeam Backup Office 365 Installations?

Today, Veeam can backup Office 365 data without basic auth (modern Auth Only).

But this has some limitations. You can find them in this post:

https://www.veeam.com/kb3146

As soon basic auth is disabled from Microsoft, vbo servers with organizations and „modern authentification with legacy protocols“ or „basic authentication method“, backup jobs will most likely stop working.

 

What can be done from us administrators?

Everyone should be ready for this change when it happens. Perhaps, veeam will write a kb until next year to inform customers what can be done for vbo365.

For me, I think we will change to modern auth only and inform our customers about the new limitations. We will decide next summer when it gets clearer, what needs to be done. Security is more important than most of the missing features.

 

What other Third Party Software could be affected?

I have seen old software with POP3 Integration which are using POP3 with Basic Auth. They need to be checked if they can work with Modern Auth.

Software, which uses the EWS API from Microsoft needs also to be able to use Modern Auth. There are many software on the market with calendar integration which are connecting only with Basic Auth, to get the users calendars data.

SMTP will not be affected as written in the Microsoft Announcement Post.


———————————-

I am looking forward to October 2022 and what doesn‘t work after that. 😬😅

 

 

 


12 comments

Userlevel 7
Badge +4

In general a good thing, I think.

And probably Veeam will publish a solution for this until October 2022….

Userlevel 7
Badge +2

And probably Veeam will publish a solution for this until October 2022….

If they can :)

The Graph API doesn‘t expose everything.

And if I correctly understand the situation, there are many missing APIs „for using modern auth only“, which veeam needs for the backup and restore. 
 

we will see :)

Userlevel 7
Badge +3

Thx for posting this @Mildur ! Modern authentication is the way. I use this by default for all installation, except modern authentication with legacy protocols if the customer is still using public folders :-( 

Userlevel 7
Badge +2

Your welcome.

For me, it‘s „modern authentication with legacy protocols“ until now. 
Public folder will be the most missed feature from the limitation list. Or the restore of the OneNote data.

Hopefully Microsoft will build an API with modern Auth for veeam to leverage.

Userlevel 7
Badge +5

Yeah moving to MFA is the way to go now.  Nice to see this article.

Userlevel 7
Badge +3

Thanks for posting this is information @Mildur. I'm sure we'll see many changes, both from Microsoft and Veeam, till the end of basic auth.

Hi All, as we can only currently use Dynamic groups via Basic auth, Will Veeam plan to implement a solution to allow Dynamic groups to work via modern auth. This would great.

Userlevel 7
Badge +2

Hi All, as we can only currently use Dynamic groups via Basic auth, Will Veeam plan to implement a solution to allow Dynamic groups to work via modern auth. This would great.

@SpikeNZ 
We have to wait a few months to see what can be done.

It‘s to early to say. I will update this topic if I hear anything new from Veeam :)

Userlevel 7
Badge

Brace yourselves, new Microsoft vulnerability is coming...

Userlevel 7
Badge +5

This will be an interesting situation to watch, Microsoft have looked at charging for certain API accesses  historically (and backed down every time).

 

Part of me worries that once we lose alternatives such as basic access, we are giving Microsoft more leverage to take a “like it or lump it” approach and start charging for certain Graph APIs or above certain usage rates. (Understandably, they are a .com after all).

 

It tooks ages to get the Microsoft Teams Graph APIs but hopefully we’ll see the shortfalls addressed in v6 and subsequent updates as Veeam work with Microsoft to reduce the feature disparity between Basic & Modern auth.

It’s 2021 and I have to suggest to customers to use Basic Auth as the “holy grail” of Modern Auth is too limited to be a replacement for some.

Userlevel 7
Badge +2

Good thoughts, @MicoolPaul 

If there will be API Costs for that, it will get more difficult to sell it to the customers. 

Userlevel 7
Badge +5

This will be an interesting situation to watch, Microsoft have looked at charging for certain API accesses  historically (and backed down every time).

 

Part of me worries that once we lose alternatives such as basic access, we are giving Microsoft more leverage to take a “like it or lump it” approach and start charging for certain Graph APIs or above certain usage rates. (Understandably, they are a .com after all).

 

It tooks ages to get the Microsoft Teams Graph APIs but hopefully we’ll see the shortfalls addressed in v6 and subsequent updates as Veeam work with Microsoft to reduce the feature disparity between Basic & Modern auth.

It’s 2021 and I have to suggest to customers to use Basic Auth as the “holy grail” of Modern Auth is too limited to be a replacement for some.

This will be interesting for sure as O365 is a big seller for us.  Let's see what happens.

Comment