How the deprecation of Basic Authentication in Microsoft 365 affects CodeTwo Backup
Problem:
You would like to know if the retirement of Basic Authentication impacts CodeTwo Backup’s ability to access and back up various data in Microsoft 365 such as mailboxes, public folders, SharePoint sites, OneDrive sites, etc.
Solution:
Exchange Online in Microsoft 365
Microsoft disabled Basic Authentication in Exchange Online in all Microsoft 365 tenants as of January 2023.
The latest versions of our backup solution (2.3.x and newer) support Modern Authentication (MFA, 2FA). This means that CodeTwo Backup will continue to back up your mailboxes and public folders even when Basic Authentication is permanently disabled in Exchange Online.
CodeTwo Backup supports any Modern Authentication method, including the Microsoft Authenticator app. When configuring a connection to your tenant (Exchange Online), you can either:
- use an account in your Microsoft 365 tenant that is assigned the Global Administrator or Privileged Role Administrator role (also with MFA enabled) to automatically register our application in the tenant’s Microsoft Entra ID (Azure Active Directory), or
- register CodeTwo Backup manually in your Entra ID, and then provide the registration details in the Exchange connection configuration wizard (learn more).
Either way, once the registration is completed, CodeTwo Backup will appear on the Enterprise applications list in Entra ID. The application will be assigned permissions to access the data to be backed up and a unique certificate (or client secret) that allows to securely authenticate CodeTwo Backup by means of a token (OAuth 2.0 authorization).
SharePoint/OneDrive for Business in Microsoft 365
While the retirement of Basic Authentication in Exchange Online doesn’t affect SharePoint Online or OneDrive for Business, we’ve future-proofed CodeTwo Backup from version 2.4.x to fully support Modern Authentication (OAuth 2.0) for SharePoint connections. This means you can enjoy the added security that comes with this modern authentication method in Microsoft 365.
Note that Microsoft has been actively pushing Modern Authentication for Microsoft 365 admins:
- Starting October 2024, Multi-Factor Authentication (MFA) will be required for admin accounts in Entra ID, and MFA only works with Modern Authentication. You can delay this until March 15, 2025, but it’s a good idea to get ready now to avoid any issues connecting to SharePoint Online with legacy credentials later. Learn more
- Microsoft has also rolled out Security defaults that disable legacy protocols in Microsoft 365 tenants (since October 22, 2019, for new tenants). You can turn off Security defaults if you need to use Basic Authentication, but it’s better to avoid using legacy credentials altogether.
Just like with Exchange Online, the SharePoint connection wizard in CodeTwo Backup lets you automatically or manually register the app in your tenant’s Microsoft Entra ID. Once registered, it will show up in the Enterprise applications list, get the necessary permissions to access your backup data and receive a unique certificate to securely authenticate using OAuth 2.0.
If you need to perform certain tasks that still require Basic Authentication (restoring custom web part page layouts or surveys that don't allow for multiple responses), CodeTwo Backup gives you the option to use legacy admin credentials in the SharePoint connection wizard. Learn more
Troubleshooting
If you should experience any problems related to accessing data in Microsoft 365 with our backup software, make sure you’re using the latest version of CodeTwo Backup and perform the update if necessary. Also, feel free to contact our Customer Success Team if you have any further queries.
Related products: | CodeTwo Backup for Office 365 |
Categories: | FAQ |
Last modified: | October 2, 2024 |
Created: | November 14, 2022 |
ID: | 1008 |