Hiya,
We have recently been implementing the MS Security Score recommendations for a few clients, and one of the recommendations is that all O365/Azure accounts that have admin level roles should have MFA enabled.
Some of these roles include the Exchange Admin role and the Sharepoint Admin role (as well as eg Global admin etc), both of which are currently assigned to the user account that we have configured for Veeam O365 to do its backups. Lets call it Veeam365@domain.com
This is the only account with Admin roles that is there that I cannot think of a way to utilise MFA for in order to mark off this Security Score as completed and done.
Any ideas? Obviously can't use eg a phone number or Authenticator app or something, as the backups run on schedule at eg 2am.
I mean one easy solution is just mark that Security Score entry as 'risk accepted', but I am just curious if there is some method to utilise MFA for this account?
I am guessing that the account for the O365 backups does definitely need those two Admin roles in order to backup Exchange and Sharepoint data successfully, and given the state of hacks these days, it does seem like a bit of a hole in the security if the V365 account has those admin permissions but cannot be reasonably secured any further than just a username and password.
Thoughts?
Thank you
-
- Novice
- Posts: 3
- Liked: never
- Joined: Nov 25, 2022 3:08 am
- Full Name: Geoff
- Contact:
-
- Product Manager
- Posts: 8181
- Liked: 1314 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
- Contact:
Re: MFA for Veeam O365 account?
Hey Geoff,
You should implement it with an application registration, see here: https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=60
If you do it through our automated wizard, then an account will be requested, but note that this admin you need is simply used that one time (so you can do it with MFA and the authenticator app) to create the app registration.
You should implement it with an application registration, see here: https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=60
If you do it through our automated wizard, then an account will be requested, but note that this admin you need is simply used that one time (so you can do it with MFA and the authenticator app) to create the app registration.
-
- Novice
- Posts: 3
- Liked: never
- Joined: Nov 25, 2022 3:08 am
- Full Name: Geoff
- Contact:
Re: MFA for Veeam O365 account?
Ah great, yes I was thinking of that last night.
Checking the admin level account that is listed with Veeam 365 installation, O365 says that it has not logged in since mid last year when it was last configured, so that makes sense.
Thanks heaps and have a great day
Checking the admin level account that is listed with Veeam 365 installation, O365 says that it has not logged in since mid last year when it was last configured, so that makes sense.
Thanks heaps and have a great day
Who is online
Users browsing this forum: No registered users and 10 guests