Veeam Backup for Microsoft Office 365 uses the following components to connect to Microsoft Exchange and Microsoft SharePoint organizations:
- Exchange Web Services (EWS) and PowerShell to connect to On-Premises Microsoft Exchange organizations.
- SharePoint Client Object Model (CSOM) and Windows Remote Management to connect to On-Premises Microsoft SharePoint organizations.
- Microsoft Graph to connect to Microsoft Office 365 organizations.
To be able to connect to On-Premises SharePoint organizations, you must configure Windows Remote Management. For more information, see this Microsoft article.
Authentication for Exchange Organization
Using Exchange Web Services (EWS)
When transferring data using EWS, a SSL connection is always established.
When transferring data using PowerShell, two methods are possible:
- Use SSL with Basic authentication
This method is recommended by Microsoft as it provides secure communication of user credentials (account and password) inside the encrypted SSL channel. For more information. see Connect to Exchange Online PowerShell.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
- Use SPN (Service Principal Name) and Kerberos authentication.
To use this method, it is recommended to deploy Veeam Backup for Microsoft Office 365 management server within the same domain as the Exchange server and provide access to the domain controller. You may also need to map the Exchange server to the hybrid domain. Consider that this method cannot be used for multiple servers included in CAS.
Use the setspn command-line utility to map the Kerberos service principal name to the Microsoft account. For more information, see this Microsoft article.
setspn -A HTTP/Mail.hybridDomain.com ExchangeHost