Error Backing up SharePoint for unlicensed Users (archived users): 403 (forbidden)

[msobm]

Since 1-2 days, multiple Veeam Backup for Microsoft 365 jobs on different Servers and for different tenants have started throwing errors for some SharePoint Objects:

Code: Select all

Failed to process site: https://tenant-my.sharepoint.com/personal/username. The response status code does not indicate success: 403 (Forbidden).

A quick check in the Microsoft 365 Admin Portal shows that all affected objects are users who are currently unlicensed, but were licensed in the past.
In many cases, the licenses were removed months ago—sometimes more than a year ago—yet there were no issues until 1–2 days ago.
In the SharePoint Admin Center, these users appear in the Unlicensed OneDrive accounts report with the status “Recently archived.”

I opened a support case with Veeam (Case #08068746), but their response was that we should manually exclude these users from the backup jobs.
That doesn’t seem right to me—creating and maintaining manual exclusions for every user who gets unlicensed after previously having a license does not scale.

Could this be related to Microsoft’s recent changes around archiving and billing unused OneDrive accounts? https://learn.microsoft.com/en-us/share ... e-accounts
None of the affected customers are using this feature (no billing configured), yet the users still show up in the SharePoint Admin Center as “Recently archived.” I suspect this is the root cause of the issue.

Has anyone else encountered this before or is experiencing the same behavior?

[aeph]

We've also been experiencing some SharePoint errors in our daily backups for the past 2–3 days.

The error message is a bit different:

"Failed to process site: XXX. Cannot contact site at the specified URL XXX. Access to this Web site has been blocked. Please contact the administrator to resolve this problem."

Case #08070381

[Polina]

Hi All,

Thanks for the heads-up, we haven't noticed anything like that yet, but will take a closer look now.

@msobm It'd be great to know how your job producing such errors are configured. Are users explicitly selected, or is it an Organization/sites protection, or any other option?

@aeph Do you see such an error on a personal or non-personal site?

[msobm]

Hello Polina

The Job has the Organization selected.
Interesting finding: At some Tenants, excluding the Users does not work. Excluding only works when selecting the coresponding personal Sites instead.

[msobm]

For the sake of completeness:
As a workaround, I have now excluded every affected site individually for each customer. This does work, but it is cumbersome and difficult to manage.
As a result, dynamic groups cannot be used in this scenario.

Do you have any idea what might be causing this issue?
At this point, I suspect a change on the Microsoft side that would require an adjustment in Veeam Backup for Microsoft 365, specifically in how SharePoint sites eligible for backup are discovered or evaluated.

All tenants are located in EU or Switzerland. Not every tenant is affected.

[Kv3]

Hello,
Since Sunday evening 26.4.2026 I have the same problem as msobm when backing up Sharepoint of unlicensed users. Tenant is in EU

[tm67]

We also have seen a lot of errors over the last few days
#08073404
We do protect type:organization -> process: sites/teams

To create an exclusion for each user where a license gets removed is not really a solution for us when having a lot of tenants and thousands of users to protect.

[DHuppertz]

Same problem here since Update to v8.4.0.1457

[quebez]

same problem here. Tenant Location is Switzerland

Case #08073632

[Polina]

Hi All,

RND is already looking into it.
If such problematic sites are just skipped from processing, would it be an acceptable solution?

[tm67]

Hi Polina
Was there a change in 8.4 that can be reverted so the backups run again successfully? If yes, that would be the best solution.
Or is it just a display warning change so the backups did fail before but never issued any error in the logs? And now it generates an error. If so, skipping those sites might be the solution.

[ces]

I agree with tm67
To be able to give a proper answer to that, we need to know, if the behavior regarding errors/warnings simply changed or if the handling itself was changed (by Veeam and/or M$). Depending on that, we might be fine with skipping them, but not in either case.
#08075542

[Nicolas1202]

Hi,

We experiencing the same issue since yesterday.
The problem concerned the OneDrive users without licenses. It seems coming from a change in Microsoft side because nothing changed in our side.
Working with manual exclusions is not an option, it will be hard to manage and it worked previously.

Thanks
Best regards,
Nicolas

[MPS79]

Hi all,

We've been having the same issue with various tenants for about a week. I also found excluding individual users 'Personal Sites' does not work.

Veeam support have said because we backup OneDrive we do not need to backup 'Personal Sites' and it can be excluded. Is that correct? I was also told by the engineer that this issue is being seen across several different version of Veeam 365 including 8.1 & 8.2. We only started having this issue a week after upgrading to 8.4.

[andre.simard]

Hi,

We are experiencing the same issue across multiple tenants.
I also agree with the others: before stating that these can be skipped from processing, we need a better understanding of the root cause.

Thank you.

[admd]

Hello all,

We are also having these two new errors for a few days now :
Failed to process site: https://XXX-my.sharepoint.com/personal/XXX. Access to this site is blocked. Please contact your administrator to resolve this problem.
Failed to process site: https://XXX-my.sharepoint.com/personal/XXX. The response status code does not indicate success: 403 (Forbidden).

They are related to users unlicensed.
Regards

[Polina]

Hi All,

There were no changes on the VB365 side. Likely, something has changed on the Microsoft side. Our RND is working on the issue.

[richardbradley]

I wanted to share some context and our current position regarding the recent Veeam alerts relating to SharePoint personal sites (OneDrive for Business) for unlicensed or archived users.

Re msobm’s comment, “At some tenants, excluding the users does not work”: excluding users specifically to suppress backup failures for SharePoint personal sites is not a scalable long‑term solution, particularly when the underlying issue is access to archived or unlicensed OneDrive data rather than a job configuration problem.

As to the alerts appearing now, whether Veeam has recently changed behaviour or not is largely secondary. In practice, most of us would quite rightly criticise a backup product if it did not surface legitimate alerts when it can no longer access objects it believes it should be protecting. These warnings are highlighting an underlying Microsoft 365 platform change rather than a purely Veeam issue.

Microsoft’s changes around OneDrive archiving and shared mailbox handling are a direct response to long‑standing behaviour where organisations retained user data indefinitely after staff departures. This created significant storage cost, governance challenges, and in some cases may have conflicted with licensing or usage agreements.

If you read Microsoft’s documentation on Shared Mailboxes and OneDrive handling, it’s clear Microsoft expects organisations to correctly handle data before accounts are decommissioned, de‑licensed, and ultimately deleted. Microsoft have also been openly communicating their plans to restrict access to unlicensed OneDrive data and introduce archiving behaviour (and associated fees) for approximately 18–24 months. This was well signposted and should not be considered an unexpected change.

Re excluding all personal sites, which was suggested by Veeam support: Veeam themselves note in their VB365 best practice and object selection documentation that backing up SharePoint personal sites should be carefully considered.
Veeam documentation reference:
https://bp.veeam.com/vb365/guide/design ... int-online

While OneDrive data resides within the personal SharePoint site, the OneDrive workload backup already protects the user’s data. Backing up the personal SharePoint site protects only the site artefacts, excluding OneDrive data. In many environments, users never customise or change their personal SharePoint site at all. As a result, backing it up adds extra load, noise, and operational complexity for data that often has little to no value.

As a service provider myself, we’ve been adjusting our best practices to align with Microsoft’s direction for some time. However, not all clients have adopted updated onboarding and offboarding processes yet, which means we are also impacted by these changes.

In the short term, our approach is to exclude impacted users to stabilise backup jobs and continue working with clients to move away from backing up SharePoint personal sites entirely. Ultimately though, I view this as a user decommissioning and data governance issue, not a backup product defect.

That said, I do understand and respect that many people here do not want to see these alerts at all. If Veeam chooses to silence or downgrade these warnings in future, I believe this should be optional and configurable, not done by default. For example, a general setting to control alert severity or suppression would allow organisations to temporarily reduce noise while they migrate to best practices, without masking genuine platform or governance issues long term. I feel that approach would strike a reasonable balance between operational flexibility and adherence to best practice.

[mkretzer]

@Polina any news on this or a statement from Microsoft? For us (optional) skipping the accounts would be a good solution.