- Veeam: How to restrict the login to certain users to the Restore Portal from Veeam Backup for Microsoft 365 v6
- Veeam: How to add new URLs to be able to log in on the new Restore Portal from Veeam Backup for Microsoft 365 v6
- Veeam: How to enable multi-tenant on the new Restore Portal on Veeam Backup for Microsoft 365 v6
- Veeam: How to install a valid SSL Certificate (Let’s Encrypt) for the new Restore Portal on Veeam Backup for Microsoft 365 v6
- Veeam: How to Enable the new Restore Portal (self-service) for Veeam Backup for Microsoft 365 v6
- Veeam: Veeam Backup for Microsoft 365 v6 – New, and Enhanced API Endpoints around Security
- Veeam: What’s New in Veeam Backup for Microsoft 365 v6
Back in April 2022, I moved to Veeam Product Management. It has been great so far, and one of the duties the job includes is to take care of the forums, helping as much as I can to Customers, Partners, enthusiasts using the Community Editions, etc.
For example, an Engineer that works in a Veeam Service Provider, Kay van Aarssen, posted on the forums what I’ve considered a very valid point. He was asking for a simple way to double-check how the Microsoft 365 Organizations have been added to Veeam Backup for Microsoft 365: which are using Basic Auth or using Modern Auth. And going on the GUI manually, one by one would not be easy with hundreds of Organizations.
Why is this important?
Well, when you are the owner of your tenant, you most likely can change, and push for the change. But if you are managing hundreds, if not thousands of different tenants, you would appreciate a central report for this.
Knowing what type of authentication the different tenants are using is quite important, as per Microsoft’s Official statement, Basic Auth has been discontinued for new Tenants, whilst being slowly disabled for production tenants. With a deadline of October 2022, you, and your Tenants/Customers, are better not to wait to see what happens after. Plus using basic auth is really insecure anyways.
Veeam Backup for Microsoft 365 RESTful API to the rescue
You have seen it on this blog many times, with a powerful RESTful API, you can build everything you dream of, for example:
- Looking for the Perfect Dashboard: InfluxDB, Telegraf, and Grafana – Part XIII: Veeam Backup for Microsoft Office 365
- Next-gen Office 365 backup security auditing and reporting
- Veeam: Detailed HTML Daily Report for Veeam Backup for Microsoft 365 is now available – Community Project
And on the specific case to know which tenants are using Basic Auth, and which ones are using already Modern Auth, Veeam can help us with a simple RESTful API query.
The Endpoint we will use is the Organizations one, and we will use the element called useApplicationOnlyAuth to understand if the Organization is using Modern, or Basic Auth, an example from the Swagger:
Topology with all the logical components
This entry is quite new, as I have never done any HTML Report from Bash, it was quite good, with and great learning curve, tons of echos on the code, a diagram that looks like this:
As we can see, the shell script will download the Organization data from Veeam Backup for Microsoft 365 using the RESTful API, which will then be put together into a nice HTML Report, and sent to the Backup Admin, or Backup Admins.
Small system requirements before we continue
We will need two small system requirements before we continue, first will be JQ, which is a package that helps us parse the JSON, let’s go and install it, yum install if CentOS:
apt-get install jq
The second one is related to the ability to send emails. I am using an advanced package called s-nail, so let’s go ahead and install it:
apt-get install s-nail
As we do not want them to go to SPAM, we will use an external mail server to send these emails, to do this, we will edit the local configuration file of the package:
And add the following to the file, which was probably empty, change the server, user and pass with your own:
set smtp-use-starttls set ssl-verify=ignore set smtp=smtp://YOURSMTPSERVER:587 set smtp-auth=login set smtp-auth-user="[email protected]" set smtp-auth-password="YOURPASSWORD" set from="[email protected]"
That’s it! Let’s move on to the next thing.
Download, and configure the veeam_microsoft365_modernauth_report.sh script.
We have almost everything ready, we have one last step, the script that will make all this work, we will download the latest version from the Github repository:
This shell script can be downloaded and run from any Linux, it will need to have access to the Veeam Backup for Microsoft 365 RESTful API, which is HTTPS, and Port 4443. We will have to edit the configuration parameters, email, plus IP of your Veeam Backup for Microsoft 365, user/pass, etc.:
# Configurations ## # Endpoint URL for login action veeamUsername="YOURVEEAMBACKUPUSER" veeamPassword="YOURVEEAMBACKUPPASS" veeamRestServer="YOURVEEAMBACKUPFORMICROSOFT365IP" veeamRestPort="4443" #Default Port ## System Variables reportPath="/home/oper/vb365_daily_reports" email_add="CHANGETHISWITHYOUREMAIL" reportDate=$(date "+%A%B%d%Y")
Once the changes are done, make the script executable with chmod:
chmod +x veeam_microsoft365_modernauth_report.sh
We run it, it should not be any output at all, so no errors, once finished checking the reports path and see if you have an HTML Report there:
root@tig-monitor:/home/oper# ls -la vb365_daily_reports/ -rw-r--r-- 1 root root 4547 Apr 14 14:23 Microsoft365-ModernAuth-Report-ThursdayApril142022.html
There, all good and ready!
HTML Organization Auth Report for Veeam Backup for Microsoft 365
In the case that all the email configuration is alright, SmartHost, etc. You should receive a very nice email like this, with all the organizations and their Auth method used on VB365:
That’s it all, I am planning to add much more details to these HTML Reports, as I can see there seems to be a lot of demand for them.