-
- Service Provider
- Posts: 415
- Liked: 75 times
- Joined: Jun 09, 2015 7:08 pm
- Full Name: JaySt
- Contact:
License counts when using modern app-only authentication
I was pointed to https://www.veeam.com/kb3146 in a discussion about the authentication method to use. I wanted to go for "app-only" mode.
the KB mentioned a limitation when using this mode:
The type property for shared and resource/equipment mailboxes cannot be resolved. Such mailboxes will be available for backup with a general ‘User’ type.
would this mean that i need to buy Veeam licenses for shared mailboxes as well now when using that method??
the KB mentioned a limitation when using this mode:
The type property for shared and resource/equipment mailboxes cannot be resolved. Such mailboxes will be available for backup with a general ‘User’ type.
would this mean that i need to buy Veeam licenses for shared mailboxes as well now when using that method??
Veeam Certified Engineer
-
- Product Manager
- Posts: 8045
- Liked: 1263 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
- Contact:
Re: License counts when using modern app-only authentication
No it doesn't. However, if those shared mailboxes use a license then we will use one also. So make sure those shared mailboxes are unlicensed. In App-only mode we will query MFST to see if it is licensed or not, while before we could see it based on the type. In app-only mode, MSFT delivers us the type user for mailboxes and for shared ones where previously there was a difference. So we need to query it differently in app-mode
Makes sense?
Makes sense?
-
- Service Provider
- Posts: 415
- Liked: 75 times
- Joined: Jun 09, 2015 7:08 pm
- Full Name: JaySt
- Contact:
Re: License counts when using modern app-only authentication
ah that's good to know!
So, is it actually limitation then if the type property is queried differently but retrieved after all?
i'm working with a service provider using VBO v5b backing up alot of customers and they refuse to support app-only auth due to limitations, one of which ( according to them), is the the license overusage as a result of not being able to differentiate between user and shared/resource mailboxes. They only charge for user mailboxes. They also would have problems providing the certificate used to upload to the Azure application created.
any suggestions for responding to them?
So, is it actually limitation then if the type property is queried differently but retrieved after all?
i'm working with a service provider using VBO v5b backing up alot of customers and they refuse to support app-only auth due to limitations, one of which ( according to them), is the the license overusage as a result of not being able to differentiate between user and shared/resource mailboxes. They only charge for user mailboxes. They also would have problems providing the certificate used to upload to the Azure application created.
any suggestions for responding to them?
Veeam Certified Engineer
-
- Veeam Software
- Posts: 2994
- Liked: 711 times
- Joined: Oct 21, 2011 11:22 am
- Full Name: Polina Vasileva
- Contact:
Re: License counts when using modern app-only authentication
>> So, is it actually limitation then if the type property is queried differently but retrieved after all?
Correct. And as Mike said, it doesn't affect VBO licensing. If a user (regular or shared) is not licensed in Office 365, it won't consume a VBO license as well.
>> They also would have problems providing the certificate used to upload to the Azure application created.
There's an option to create an app automatically with VBO and use a self-signed certificate. Won't it work for them?
Correct. And as Mike said, it doesn't affect VBO licensing. If a user (regular or shared) is not licensed in Office 365, it won't consume a VBO license as well.
>> They also would have problems providing the certificate used to upload to the Azure application created.
There's an option to create an app automatically with VBO and use a self-signed certificate. Won't it work for them?
-
- Service Provider
- Posts: 415
- Liked: 75 times
- Joined: Jun 09, 2015 7:08 pm
- Full Name: JaySt
- Contact:
Re: License counts when using modern app-only authentication
When the app is deployed automatically during the onboard process, the customer would need to provide admin credentials to the service provider to do so. If a customer could prepare the app himself (either by running the wizard with the veeam software or do it completely manual), all that would be needed is the certificate from the serviceprovider to be uploaded to the application by the customer for the service provider to successfully connect to the app. So i'm looking for the leas amount of credential-exchange during onboarding.
Veeam Certified Engineer
-
- VeeaMVP
- Posts: 132
- Liked: 41 times
- Joined: Dec 12, 2013 1:23 pm
- Full Name: Tim Smith
- Location: Ohio
- Contact:
Re: License counts when using modern app-only authentication
Actually, with app-only there is no need to provide credentials to the service provider. App-only uses device code flow authentication. So, the provider can setup the org, provide the customer a code. The customer logs in with their credentials on their browser and input that code, and the veeam deployment is authorized now to setup the app registration in azure.
Tim Smith
https://tsmith.co
@tsmith_co
https://tsmith.co
@tsmith_co
-
- Service Provider
- Posts: 415
- Liked: 75 times
- Joined: Jun 09, 2015 7:08 pm
- Full Name: JaySt
- Contact:
Re: License counts when using modern app-only authentication
Yes, that could be an option.
Veeam Certified Engineer
Who is online
Users browsing this forum: No registered users and 2 guests