If you have configured Milut-Factor Authentication in O365 you may have issues leveraging Cloud backup. This article describes how to resolve that issue.
Multi-Factor Authentication (MFA) increases the security of user logins for cloud services by requiring more than a simple password. For more information, see Multi-Factor Authentication for Office 365.
Microsoft currently does not support Multi-Factor Authentication (MFA) via an App Password for Office365 PowerShell commands. This prevents the SkyKick platform from automating the authentication process for Cloud Backup.
Cloud Backup only makes PowerShell calls for the Global Admin. This is a limit Microsoft itself imposes on 3rd party API users at this time, and Unitrends cannot work around. Therefore, MFA must be turned off (and remain turned off) for the Global Admin on the account for backup and restore to function with any vendor's service.
If a customer wants all users (including the Global Admin) to have MFA turned on, the following can be done:
- Create an unlicensed service account with Global Admin permissions in Office 365 specifically for the Cloud Backup subscription.
- Use this account as the Global Admin for Cloud Backup
- Do not enable MFA for this account
Important: Unitrends O365 Cloud Backup automation also creates additional non-MFA-enabled Global Admins within the Office 365 tenant to streamline backup processes. To maintain full functionality, these must not be changed or deleted. For more information, see Why does Cloud Backup create unlicensed Global Administrator accounts?