The Blog of Jorge de la Cruz

Everything about VMware, Veeam, InfluxData, Grafana, Zimbra, etc.

Veeam: Detailed HTML Organization Report for Veeam Backup for Microsoft 365 is now available – Community Project

- Written in: veeam

Greetings friends, I am on a roll with Veeam Backup for Microsoft 365 it seems, just take a look at the latest Blog Posts in case you missed them:

Back in April 2022, I moved to Veeam Product Management. It has been great so far, and one of the duties the job includes is to take care of the forums, helping as much as I can to Customers, Partners, enthusiasts using the Community Editions, etc.

For example, an Engineer that works in a Veeam Service Provider, Kay van Aarssen, posted on the forums what I’ve considered a very valid point. He was asking for a simple way to double-check how the Microsoft 365 Organizations have been added to Veeam Backup for Microsoft 365: which are using Basic Auth or using Modern Auth. And going on the GUI manually, one by one would not be easy with hundreds of Organizations.

Why is this important?

Well, when you are the owner of your tenant, you most likely can change, and push for the change. But if you are managing hundreds, if not thousands of different tenants, you would appreciate a central report for this.

Knowing what type of authentication the different tenants are using is quite important, as per Microsoft’s Official statement, Basic Auth has been discontinued for new Tenants, whilst being slowly disabled for production tenants. With a deadline of October 2022, you, and your Tenants/Customers, are better not to wait to see what happens after. Plus using basic auth is really insecure anyways.

Veeam Backup for Microsoft 365 RESTful API to the rescue

You have seen it on this blog many times, with a powerful RESTful API, you can build everything you dream of, for example:

And on the specific case to know which tenants are using Basic Auth, and which ones are using already Modern Auth, Veeam can help us with a simple RESTful API query.

The Endpoint we will use is the Organizations one, and we will use the element called useApplicationOnlyAuth to understand if the Organization is using Modern, or Basic Auth, an example from the Swagger:

Knowing all of this, it is now time to build.

Topology with all the logical components

This entry is quite new, as I have never done any HTML Report from Bash, it was quite good, with and great learning curve, tons of echos on the code, a diagram that looks like this:

As we can see, the shell script will download the Organization data from Veeam Backup for Microsoft 365 using the RESTful API, which will then be put together into a nice HTML Report, and sent to the Backup Admin, or Backup Admins.

Small system requirements before we continue

We will need two small system requirements before we continue, first will be JQ, which is a package that helps us parse the JSON, let’s go and install it, yum install if CentOS:

apt-get install jq

The second one is related to the ability to send emails. I am using an advanced package called s-nail, so let’s go ahead and install it:

apt-get install s-nail

As we do not want them to go to SPAM, we will use an external mail server to send these emails, to do this, we will edit the local configuration file of the package:

vi ~/.mailrc

And add the following to the file, which was probably empty, change the server, user and pass with your own:

set smtp-use-starttls
set ssl-verify=ignore
set smtp=smtp://YOURSMTPSERVER:587
set smtp-auth=login
set smtp-auth-user="[email protected]"
set smtp-auth-password="YOURPASSWORD"
set from="[email protected]"

That’s it! Let’s move on to the next thing.

Download, and configure the veeam_microsoft365_modernauth_report.sh script.

We have almost everything ready, we have one last step, the script that will make all this work, we will download the latest version from the Github repository:

This shell script can be downloaded and run from any Linux, it will need to have access to the Veeam Backup for Microsoft 365 RESTful API, which is HTTPS, and Port 4443. We will have to edit the configuration parameters, email, plus IP of your Veeam Backup for Microsoft 365, user/pass, etc.:

# Configurations
##
# Endpoint URL for login action
veeamUsername="YOURVEEAMBACKUPUSER"
veeamPassword="YOURVEEAMBACKUPPASS"
veeamRestServer="YOURVEEAMBACKUPFORMICROSOFT365IP"
veeamRestPort="4443" #Default Port

## System Variables
reportPath="/home/oper/vb365_daily_reports"
email_add="CHANGETHISWITHYOUREMAIL"
reportDate=$(date "+%A%B%d%Y")

Once the changes are done, make the script executable with chmod:

chmod +x veeam_microsoft365_modernauth_report.sh

We run it, it should not be any output at all, so no errors, once finished checking the reports path and see if you have an HTML Report there:

root@tig-monitor:/home/oper# ls -la vb365_daily_reports/
-rw-r--r--  1 root root 4547 Apr 14 14:23 Microsoft365-ModernAuth-Report-ThursdayApril142022.html

There, all good and ready!

HTML Organization Auth Report for Veeam Backup for Microsoft 365

In the case that all the email configuration is alright, SmartHost, etc. You should receive a very nice email like this, with all the organizations and their Auth method used on VB365:

As said, absolutely amazing to see all of this in a single place, quick to execute, and hopefully really useful, demonstrating proactivity to your tenants.

That’s it all, I am planning to add much more details to these HTML Reports, as I can see there seems to be a lot of demand for them.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.