Veeam Backup for Microsoft Office 365 connects to the on-premises Exchange organization in a hybrid or on-premises Exchange deployment using EWS and PowerShell. Authentication and secure communication of user credentials are provided as follows:
- When transferring data using EWS, an SSL-secured connection is always established.
- When transferring data using PowerShell, two methods are possible:
  - Use SSL with Basic authentication. This method is recommended by Microsoft as it provides secure communication of user credentials (account and password) inside the encrypted SSL channel. See the Connect to Exchange Online PowerShell article for details.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
  - Use SPN (Service Principal Name) and Kerberos authentication. To use this method, it is recommended to deploy the Veeam Backup for Office 365 management server in the same domain as the Exchange server and provide it with access to the domain controller. You may also need to map the Exchange server to the hybrid domain. Note that this method cannot be used for multiple servers included in CAS.
    Use the setspn command-line utility to map the Kerberos service principal name to a Microsoft account:
    setspn -A HTTP/Mail.hybridDomain.com ExchangeHost
    where:
    hybridDomain.com – name of the hybrid domain.
    ExchangeHost – name of the Exchange server.
    See the Setspn article for details.
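The following is an added example, not part of the Veeam documentation: a pre-flight check that the SPN from the setspn command above is registered exactly once and on the intended account before a Kerberos session is opened, since a missing or duplicate SPN causes Kerberos authentication to fail. It assumes a domain-joined machine; the helper name Get-SpnOwner and the on-premises connection URI are assumptions, and the host names are the placeholders used above.

```powershell
# Added example. Placeholders taken from the setspn command on this page.
$Spn          = 'HTTP/Mail.hybridDomain.com'
$ExpectedHost = 'ExchangeHost'

# Hypothetical helper: return every AD account that carries the given SPN.
function Get-SpnOwner {
    param([Parameter(Mandatory)][string]$Spn)
    # The SPN used here contains no LDAP filter metacharacters, so no escaping is done.
    $searcher = [adsisearcher]"(servicePrincipalName=$Spn)"
    $searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'distinguishedName'))
    $searcher.FindAll() | ForEach-Object {
        [pscustomobject]@{
            Account = [string]$_.Properties['samaccountname'][0]
            DN      = [string]$_.Properties['distinguishedname'][0]
        }
    }
}

$owners = @(Get-SpnOwner -Spn $Spn)

switch ($owners.Count) {
    0 { throw "SPN $Spn is not registered; no Kerberos ticket can be issued for it." }
    1 { }  # exactly one owner: the expected state
    default {
        throw "SPN $Spn is registered on $($owners.Count) accounts " +
              "($($owners.Account -join ', ')); duplicate SPNs break Kerberos."
    }
}

# Computer accounts have a trailing '$' in sAMAccountName.
if ($owners[0].Account.TrimEnd('$') -ne $ExpectedHost) {
    throw "SPN $Spn is mapped to $($owners[0].Account), expected $ExpectedHost."
}

# SPN is unique and mapped as intended. Open the session with Kerberos only,
# so no password is sent to the server. The URI below is an assumption for an
# on-premises Exchange server reachable under the SPN's host name.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri 'http://Mail.hybridDomain.com/PowerShell/' `
    -Authentication Kerberos
```

Run the check under an account that can read the directory; it only queries Active Directory and changes nothing.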