VBO365 - Disable Basic Auth in M365 per Oct. 1, 2022


Userlevel 7
Badge +5

Microsoft has announced, that they are disabling basic auth on October 1st, 2022 for all tenants. It doesn‘t matter if you use it now or not. It gets disabled after October 1st, 2022.

 

From the announcement post:

Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage (with the exception of SMTP Auth, which can still be re-enabled after that).

Source: https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210

 

How is this relevant to our Veeam Backup Office 365 Installations?

Today, Veeam can backup Office 365 data without basic auth (modern Auth Only).

But this has some limitations. You can find them in this post:

https://www.veeam.com/kb3146

As soon basic auth is disabled from Microsoft, vbo servers with organizations and „modern authentification with legacy protocols“ or „basic authentication method“, backup jobs will most likely stop working.

 

What can be done from us administrators?

Everyone should be ready for this change when it happens. Perhaps, veeam will write a kb until next year to inform customers what can be done for vbo365.

For me, I think we will change to modern auth only and inform our customers about the new limitations. We will decide next summer when it gets clearer, what needs to be done. Security is more important than most of the missing features.

 

What other Third Party Software could be affected?

I have seen old software with POP3 Integration which are using POP3 with Basic Auth. They need to be checked if they can work with Modern Auth.

Software, which uses the EWS API from Microsoft needs also to be able to use Modern Auth. There are many software on the market with calendar integration which are connecting only with Basic Auth, to get the users calendars data.

SMTP will not be affected as written in the Microsoft Announcement Post.


———————————-

I am looking forward to October 2022 and what doesn‘t work after that. 😬😅

 

 

 


28 comments

Hi,

 

I upgraded Veeam O365 from v5. to the latest version 6.1.0254 last week. And now i got the assignment to make sure we are on Modern Authentication or if not, make a change with the steps to get there.

 

I know i created a new App Registration with Microsoft Graph User.Read rights during the upgrade of Veeam.

I also noticed in the Sign-in Logs in Azure AD we still get Legacy Authentication Clients logins from Veeam. They are comming from the Veeam Auxiliary accounts we are using for spreading the load (i have been told).

2 Questions:

What should i do? Or where can i find how to do this?

How can i make us Modern Authentication-proof? And please some steps from the point of using Veeam o365 already and not from a new Veeam o365 installation

If you check the help here - Adding Organizations with Modern App-Only Authentication - Veeam Backup for Microsoft 365 Guide

This outlines adding Modern Auth to a new tenant but all you need to do is edit your existing Tenant(s) and change the authentication method.  Hopefully this helps.

Hi Chris,

 

Thank you very much, and not to be ungratefull but that is what i already found in this topic, but it is exactly that " … all you need to do is edit your existing tenant and change the authentication method.” what is making me unsure, because what needs to be edit when you have an existing situation and what is only for new situations? I can't risk having it goes wrong because i didn't filter it the right way. I don't understand why there is no manual for changing an existing situation and how it should look like in the end. That is where i need a little help.

Also on the Veeam Auxiliary accounts, where it looks like they make use of the basic Authentication. How do i change that?

 

Userlevel 7
Badge +8

Hi,

 

I upgraded Veeam O365 from v5. to the latest version 6.1.0254 last week. And now i got the assignment to make sure we are on Modern Authentication or if not, make a change with the steps to get there.

 

I know i created a new App Registration with Microsoft Graph User.Read rights during the upgrade of Veeam.

I also noticed in the Sign-in Logs in Azure AD we still get Legacy Authentication Clients logins from Veeam. They are comming from the Veeam Auxiliary accounts we are using for spreading the load (i have been told).

2 Questions:

What should i do? Or where can i find how to do this?

How can i make us Modern Authentication-proof? And please some steps from the point of using Veeam o365 already and not from a new Veeam o365 installation

If you check the help here - Adding Organizations with Modern App-Only Authentication - Veeam Backup for Microsoft 365 Guide

This outlines adding Modern Auth to a new tenant but all you need to do is edit your existing Tenant(s) and change the authentication method.  Hopefully this helps.

Hi Chris,

 

Thank you very much, and not to be ungratefull but that is what i already found in this topic, but it is exactly that " … all you need to do is edit your existing tenant and change the authentication method.” what is making me unsure, because what needs to be edit when you have an existing situation and what is only for new situations? I can't risk having it goes wrong because i didn't filter it the right way. I don't understand why there is no manual for changing an existing situation and how it should look like in the end. That is where i need a little help.

Also on the Veeam Auxiliary accounts, where it looks like they make use of the basic Authentication. How do i change that?

 

If you have a new Organization - you simply select Modern Authentication when setting it up in VBM365.

If you have an existing Organization - you edit the properties of that ORG and you can then change the authentication method to Modern from Basic.  This will then proceed to use the Modern Authentication method.

The Auxiliary accounts question - you need to determine which Organization you set those up with and that will tell you where the Basic Authentication is being used.  You can then modify it to Modern Auth.

Hope this helps and feel free to post back with further questions. 👍🏼

Userlevel 7
Badge +8

Here we are! 1st October.

 

I want to remind everyone that this now needs to be part of your troubleshooting workflows. Microsoft have published this for guidance around troubleshooting:

https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-email-applications-stopped-signing-in-or-keep/ba-p/3641943

Comment