Agent-based backup of Windows, Linux, Mac, AIX and Solaris machines.
TDog
Service Provider
Posts: 4
Liked: never
Joined: Feb 07, 2016 3:22 pm
Full Name: Tom Mucha
Location: Plantsville, CT
Contact:

Restore to Azure - MFA requirement

Post by TDog »

Hi Everyone,

Our Azure tenant is tied to our MS Partner account. As an MS Partner, all our accounts that access cloud resources must have MFA enabled, even using an app password after enforcing the MFA is allowed. Per the documentation - https://helpcenter.veeam.com/docs/backu ... ml?ver=100 - MFA must be disabled and app passwords are not supported (I even tried for the heck of it). Is there any possibility of something in the works to allow for accounts with MFA? I know with the 365 backup there is an option to use modern auth and MFA by creating an Azure Application Registration; I was hoping something like this might be in the works for VBR.

I could just set up another Azure tenant/subscription, but I can't link any of my MS Partner benefits to an outside tenant.

Any thoughts? Anyone in a similar situation?

Tom
Vitaliy S.
VP, Product Management
Posts: 27105
Liked: 2717 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Restore to Azure - MFA requirement

Post by Vitaliy S. » 1 person likes this post

Hi Tom,

As far as I know, these accounts cannot be used for now, but if I find a workaround I will update this thread.

Thanks!

Re: Restore to Azure - MFA requirement

Post by TDog »

Thank you for the quick follow-up Vitaliy! Have a wonderful day!

Tom
elgwhoppo
Novice
Posts: 7
Liked: 3 times
Joined: Aug 30, 2021 5:38 pm
Full Name: Joe Clarke
Contact:

Re: Restore to Azure - MFA requirement

Post by elgwhoppo »

This is still true with version 11 in case anyone is wondering, hit this today.

https://helpcenter.veeam.com/docs/backu ... ml?ver=110
HannesK
Product Manager
Posts: 14314
Liked: 2887 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: Restore to Azure - MFA requirement

Post by HannesK »

Yep, it's something we are working on.

Re: Restore to Azure - MFA requirement

Post by elgwhoppo » 1 person likes this post

So I was running into the error message AADSTS50076 : Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access.

We had MFA disabled for the user and we even had the "Default Security" setting disabled, so it really shouldn't even be doing that. We were able to log in from the Veeam VM using Web and PowerShell APIs with the same creds, so this was incredibly confusing.

We resolved this by changing the conditional access policy to exclude the Veeam service account user, which isn't called out in the Veeam docs, but it is required even if the user is set to disabled.

https://docs.microsoft.com/en-us/azure/ ... -condition

My good deed is done for the day.
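
Added example (not part of any post in this thread, and not Veeam or Microsoft code): a short Python audit over Conditional Access policies exported as JSON. It shows why an account with per-user MFA disabled is still challenged while an enforced policy includes it, as described in the post above, and lists the exclusions the workaround leaves behind for review. The policy data and object IDs are constructed; field names are those of the Microsoft Graph conditionalAccessPolicy resource.

```python
import copy

# Constructed sample data (not from a real tenant); object IDs are placeholders.
SVC = "11111111-1111-1111-1111-111111111111"          # hypothetical restore service account
BREAK_GLASS = "22222222-2222-2222-2222-222222222222"  # hypothetical emergency account
POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [BREAK_GLASS]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "MFA pilot", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
]

def requires_mfa(policy):
    """True if the policy is enforced (not report-only) and lists MFA as a grant control."""
    grant = policy.get("grantControls") or {}
    return policy.get("state") == "enabled" and "mfa" in grant.get("builtInControls", [])

def applies_to(policy, user_id, group_ids=()):
    """Evaluate the user conditions; an exclusion always beats an inclusion."""
    u = policy["conditions"]["users"]
    if user_id in u.get("excludeUsers", []) or set(group_ids) & set(u.get("excludeGroups", [])):
        return False
    if "All" in u.get("includeUsers", []) or user_id in u.get("includeUsers", []):
        return True
    return bool(set(group_ids) & set(u.get("includeGroups", [])))

def mfa_policies_for(policies, user_id, group_ids=()):
    """Enforced MFA policies that challenge this account, whatever its per-user MFA state."""
    return [p["displayName"] for p in policies
            if requires_mfa(p) and applies_to(p, user_id, group_ids)]

def mfa_exemptions(policies):
    """(policy, excluded principal) pairs: each one is a standing MFA bypass to review."""
    return [(p["displayName"], x) for p in policies if requires_mfa(p)
            for x in p["conditions"]["users"].get("excludeUsers", [])
            + p["conditions"]["users"].get("excludeGroups", [])]

def exclude_user(policies, policy_name, user_id):
    """Return a copy of the policy set with user_id added to one policy's excludeUsers."""
    out = copy.deepcopy(policies)
    for p in out:
        if p["displayName"] == policy_name:
            p["conditions"]["users"].setdefault("excludeUsers", []).append(user_id)
    return out

if __name__ == "__main__":
    fixed = exclude_user(POLICIES, "Require MFA for all users", SVC)
    print(mfa_policies_for(POLICIES, SVC), mfa_policies_for(fixed, SVC), mfa_exemptions(fixed))
```

Running `mfa_exemptions` on a periodic export gives a list of accounts that sit outside MFA enforcement, which is the set to cover with compensating controls such as location restrictions and sign-in monitoring.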

Re: Restore to Azure - MFA requirement

Post by elgwhoppo »

BTW, the fact that customers need to disable the "default security" setting in Azure AD or make conditional access policies to make a service account for Veeam to restore VMs is kind of not great. Hopefully this gets worked on sooner rather than later.

https://docs.microsoft.com/en-us/azure/ ... y-defaults

Re: Restore to Azure - MFA requirement

Post by HannesK » 1 person likes this post

Hello,
yes, V12 supports application passwords. We plan to release V12 in early 2023.

Best regards,
Hannes