VBO365 - Disable Basic Auth in M365 per Oct. 1, 2022

Thx for posting this @Mildur ! Modern authentication is the way. I use this by default for all installation, except modern authentication with legacy protocols if the customer is still using public folders :-( 

What do I need to do to move away from Basic Auth? Do I need to buy Azure in order for Backup 365 to work as it is at the moment?

@Glenn_LSTS 

SMTP Authentication or doing Backups?

For SMTP Notifications, wait for the next release of VB365. Modern Auth SMTP Auth will be possible then.

For Backups, just switch the authentication in VB365 to Modern App Only:

Adding Organizations with Modern App-Only Authentication - Veeam Backup for Microsoft 365 Guide

You will loose some features, check the KB for that first:

KB3146: Considerations and limitations when using different authentication methods (veeam.com)

If you are using Public Folder, then either wait with disabling Basic Auth until microsoft and veeam can provide a solution or migrate them to Shared Mailboxes (my prefered way :))

Yeah moving to MFA is the way to go now.  Nice to see this article.

If you check the help here - Adding Organizations with Modern App-Only Authentication - Veeam Backup for Microsoft 365 Guide

This outlines adding Modern Auth to a new tenant but all you need to do is edit your existing Tenant(s) and change the authentication method.  Hopefully this helps.

And so it looks like:

Hi All, as we can only currently use Dynamic groups via Basic auth, Will Veeam plan to implement a solution to allow Dynamic groups to work via modern auth. This would great.

This will be an interesting situation to watch, Microsoft have looked at charging for certain API accesses  historically (and backed down every time).

Part of me worries that once we lose alternatives such as basic access, we are giving Microsoft more leverage to take a “like it or lump it” approach and start charging for certain Graph APIs or above certain usage rates. (Understandably, they are a .com after all).

It tooks ages to get the Microsoft Teams Graph APIs but hopefully we’ll see the shortfalls addressed in v6 and subsequent updates as Veeam work with Microsoft to reduce the feature disparity between Basic & Modern auth.

It’s 2021 and I have to suggest to customers to use Basic Auth as the “holy grail” of Modern Auth is too limited to be a replacement for some.

Hi, the R&D forums will be the best place to ask this question as there’s more engagement from Veeam engineers there. The lack of feature parity between modern & basic auth has historically been due to Microsoft not exposing APIs to handle this via the graph API, hence with basic auth, Veeam interact with EWS if I remember correctly, to work around this limitation.

Here we are! 1st October.

I want to remind everyone that this now needs to be part of your troubleshooting workflows. Microsoft have published this for guidance around troubleshooting:

https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-email-applications-stopped-signing-in-or-keep/ba-p/3641943

Thanks for taking the time to reply.

We only use Veeam to backup our sharepoint subscription / emails / onedrive to local storage. I don’t believe we use smtp for anything.

So, we don’t need a Azure subscription? within the Desktop Application settings, Modern Auth seems to want me to plug in some Azure credentials.

As for features, we just need the ability to restore!

Hi,

I upgraded Veeam O365 from v5. to the latest version 6.1.0254 last week. And now i got the assignment to make sure we are on Modern Authentication or if not, make a change with the steps to get there.

I know i created a new App Registration with Microsoft Graph User.Read rights during the upgrade of Veeam.

I also noticed in the Sign-in Logs in Azure AD we still get Legacy Authentication Clients logins from Veeam. They are comming from the Veeam Auxiliary accounts we are using for spreading the load (i have been told).

2 Questions:

What should i do? Or where can i find how to do this?

How can i make us Modern Authentication-proof? And please some steps from the point of using Veeam o365 already and not from a new Veeam o365 installation

If you have a new Organization - you simply select Modern Authentication when setting it up in VBM365.

If you have an existing Organization - you edit the properties of that ORG and you can then change the authentication method to Modern from Basic.  This will then proceed to use the Modern Authentication method.

The Auxiliary accounts question - you need to determine which Organization you set those up with and that will tell you where the Basic Authentication is being used.  You can then modify it to Modern Auth.

Hope this helps and feel free to post back with further questions. 👍🏼