Maintain control of your Microsoft Office 365 email data
Mike Resseler
Veeam Software
Posts: 5000
Liked: 530 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Veeam for Office 365 and Two Factor?

Post by Mike Resseler » Oct 11, 2017 2:52 pm

No news Michael at this moment

stvajnkf
Enthusiast
Posts: 43
Liked: 8 times
Joined: Jan 03, 2017 5:25 pm
Full Name: nothanks@no.com
Contact:

Re: Veeam for Office 365 and Two Factor?

Post by stvajnkf » May 04, 2018 7:28 pm

I am currently using the competing product CodeTwo Backup for Office 365. I am comparing features with Veeam, and this feature is one of the few that CodeTwo has you beat. CodeTwo has had 2FA since Jan 29 2018. Can you share an estimated timeline for when this feature will be ready in Veeam backup for 365?

Thanks.

Mike Resseler
Veeam Software
Posts: 5000
Liked: 530 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Veeam for Office 365 and Two Factor?

Post by Mike Resseler » May 07, 2018 7:35 am

I have no timeline for this at this moment. But how do you do this for the account that connects as a service? Does it also use 2FA?

stvajnkf
Enthusiast
Posts: 43
Liked: 8 times
Joined: Jan 03, 2017 5:25 pm
Full Name: nothanks@no.com
Contact:

Re: Veeam for Office 365 and Two Factor?

Post by stvajnkf » May 07, 2018 7:50 pm

Mike Resseler wrote:I have no timeline for this at this moment. But how do you do this for the account that connects as a service? Does it also use 2FA?
I don't understand the question. I think the actual Office 365 admin credentials that CodeTwo uses to backup all our Office 365 accounts can have 2FA enabled in Office 365. Then in the backup program, instead of typing that user's normal 365 password, we would type the user's generated "app password". The benefit is that the actual admin password doesn't have to be stored anywhere in a 3rd party program, and the obvious benefits of 2FA on the website login.

The details are here: https://www.codetwo.com/kb/using-mfa-wi ... -software/

I actually don't use the 2FA feature yet, but I recently started looking at improving the security of our Office365 account, and that's when I learned that Veeam now has a Office365 backup program. I started comparing the feature list of both programs, and found that this 2FA is something I would like to start using, but can't if I switch to Veeam.

Mike Resseler
Veeam Software
Posts: 5000
Liked: 530 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Veeam for Office 365 and Two Factor?

Post by Mike Resseler » May 08, 2018 7:15 am

Thanks for the additional information. As said, I won't have this in the next version but the additional information is interesting for me to dive into further. In all honesty, 2FA for me makes sense for users, but I am not too familiar (yet ;-)) with app passwords and their security. Something to learn about :-)

frankive
Service Provider
Posts: 849
Liked: 100 times
Joined: May 14, 2013 8:35 pm
Full Name: Frank Iversen
Location: Norway
Contact:

Re: Veeam for Office 365 and Two Factor?

Post by frankive » May 16, 2018 11:18 am

"app passwords" is just a buypass of the 2fa and is NOT something you want to use. In that case Veeam (and all other clients wo can connect to an exchange account) does support MFA, which is not the case..

What you should do is buy Azure Ad Premium so you can use more advanced capabilites of the MFA like whitelite on your wan-ip. Then you can whitelist the ip where the backup is starting their connection, f.ex you Office 365 Backup server.

Just my 2 cents.

Ruzaila
Certified Trainer
Posts: 14
Liked: 2 times
Joined: Dec 21, 2016 7:49 am
Full Name: Rose HERDEN
Contact:

Re: Veeam for Office 365 and Two Factor?

Post by Ruzaila » Jun 26, 2018 5:48 am

Hoping this is not too late but I use App passwords on my Demo environment. Here are some of the issues I've encountered:

Just to paint a picture I have been playing with 2 admin accounts (2FA) and one semi admin account. Fully deployed on O365.
Account details:
Administrator@demo.com
User1@demo.com
reports@demo.com

* I initially configured this with User1. Not best practice to use a User account when configuring but I wanted to test changing accounts around. Through an arduous long process and cursing, it finally worked with App passwords.
* Time to swap things around! I edited the organization to configure as Administrator. The EWS Connection can be finicky and will time out with a 401 but Powershell will pass. Eventually it fixes itself. There is a KB out there for this (2440) but all it took for me was to exit the Configuration and attempt it again. I'll update if this causes backup issues but so far so good with a few tests.
* App passwords, although terrible for future setups/modifications might be the way to go for a highly secure environment. Just make sure that the address used for reporting is NOT using an app password. It really did not like my app password.
When you use an app password it throws a 5.7.60 SMTP error and I've tried multiple fixes even changing the SMTP to my "demo.mail.protection.outlook.com", port 25/587. I authenticated it against an account (reports) that does not require 2FA but has some other Admin rights on EAC.
* Probably not the right place to put this but attempting to connect to Powershell (not via Agent) to perform login tests did not work at all. I only tested this so I can attempt to understand why the Agent refused to add the organization.

I hope this helps!
Rose Herden
General Manager | Technical Trainer
Saxons Learning Solutions

Mike Resseler
Veeam Software
Posts: 5000
Liked: 530 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Veeam for Office 365 and Two Factor?

Post by Mike Resseler » Jun 26, 2018 5:51 am

Rose,

Thank you! This is great information. Our QC department is prepping the release so is very busy at this moment but once they get more time (which will probably be after release of v2) I will make sure they test this out as well!

Many thanks again!
Mike

frankive
Service Provider
Posts: 849
Liked: 100 times
Joined: May 14, 2013 8:35 pm
Full Name: Frank Iversen
Location: Norway
Contact:

Re: Veeam for Office 365 and Two Factor?

Post by frankive » Jun 29, 2018 7:24 am

why not use ip-whitelisting? as long as the data is encrypted in transit and rest, and you protect your environment for the public ip you should have a secure setup.

stvajnkf
Enthusiast
Posts: 43
Liked: 8 times
Joined: Jan 03, 2017 5:25 pm
Full Name: nothanks@no.com
Contact:

Re: Veeam for Office 365 and Two Factor?

Post by stvajnkf » Nov 12, 2018 9:04 pm

As of version 2.0.0.567 and 11/12/2018, two-factor authentication is still not working for the main service account that lets Veeam connect to the Office 365 server. It fails when it tries to connect to Microsoft Graph, preventing me from going any further with the backup job setup.

Polina
Veeam Software
Posts: 359
Liked: 42 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasilyeva
Contact:

Re: Veeam for Office 365 and Two Factor?

Post by Polina » Nov 12, 2018 9:33 pm 1 person likes this post

Hi stvajnkf,

Version 2.0 (GA build 2.0.0.567) doesn't provide MFA support. We're working to implement it in the future releases.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest