Maintain control of your Microsoft Office 365 data
Post Reply
cfortenbery
Influencer
Posts: 12
Liked: never
Joined: Oct 30, 2018 7:20 pm
Full Name: Curt Fortenbery
Location: Atlanta, GA

Best Practices for Restore: what account to use

Post by cfortenbery »

So if you have a MFA (multi-factor authentication) service account created for VBO365 in order to add and back up the organization, what account do you use to perform restores? When trying to perform a restore to an Exchange mailbox and using the MFA service account for permission, it goes through the MFA process and then after entering in the token key sent to the assign phone number for that MFA service account, we get the following error:
AADSTS500113: No reply address is registered for the application

In research it appears to be related to the request URI and that the default user type setting specified in the following Microsoft link should probably be set to a "public client" (which is a scary thing for Microsoft to call it LOL):
https://docs.microsoft.com/en-us/azure/ ... gistration

So all exchange needs (from a high level) is an account with global admin and the impersonation role in order to restore to any email account in the organization, right? So what does Veeam recommend as a best practice for doing restores: should we be using the MFA service account with the app registration default user type set to "public client" or should the VBO365 admins be using their own global admin accounts with impersonation role granted in order to perform restores?

Just looking for guidance....Thanks!

Mike Resseler
Product Manager
Posts: 6153
Liked: 718 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Best Practices for Restore: what account to use

Post by Mike Resseler »

Hi Curt,

Yes, using an account with app registration is indeed what we prefer. This account or app ID does not have to be the same as the one that is used by the service itself. You can create multiple different ones, you just need to give the ID enough rights.

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests