Managing Certificates

Veeam Data Cloud for Microsoft 365 uses a security certificate, also referred to as a TLS certificate, to encrypt data transmitted between your Microsoft 365 environment and the Veeam Data Cloud application. To maintain the continuous and secure encryption of your data during the transmission between your Microsoft 365 environment and Veeam Data Cloud, you may be required to reauthenticate your connection, similar to the initial setup process. If your TLS certificate has expired, your backup policies will start failing with the following error message:

Error

AADSTS700027: Client assertion contains an invalid signature. [Reason - The key used is expired., Thumbprint of key used by client: 'ID', ... ]

Veeam Data Cloud for Microsoft 365 allows you to either generate a new Veeam Data Cloud certificate or upload a custom certificate.

Generating New Certificate

To generate a new Veeam Data Cloud certificate, do the following:

  1. Log in to Veeam Data Cloud for Microsoft 365 with an administrator account.
  2. In the main menu, click Settings.
  3. In the Settings menu, click System.
  4. In the SSL Certificate section, click Generate a new certificate.

Generate New Certificate

  1. Copy the code that Veeam Data Cloud for Microsoft 365 provides on the next screen.
  2. Follow the https://microsoft.com/devicelogin, paste the code and follow the suggested steps.
  3. Once the Microsoft steps have been completed, click Generate in Veeam Data Cloud for Microsoft 365.

Uploading Custom Certificate

If the certificate expires or you want to reauthenticate your connection, you can upload a custom certificate to Veeam Data Cloud. You must first create a certificate and assign it to your application in Microsoft Entra ID, export it (or export an existing certificate) and then upload it to Veeam Data Cloud for Microsoft 365.

To upload a custom certificate to Veeam Data Cloud, do the following:

  1. Log in to Microsoft Entra ID, create a certificate, assign it to the application registration and export the certificate (or export an existing certificate assigned to the application).
  2. Log in to Veeam Data Cloud for Microsoft 365 with an administrator account.
  3. In the main menu, click Settings.
  4. In the Settings menu, click System.
  5. In the SSL Certificate section, click Upload a custom certificate.

Upload Custom Certificate

  1. Copy the code that Veeam Data Cloud for Microsoft 365 provides on the next screen.

Import Custom Certificate

  1. Follow the https://microsoft.com/devicelogin, paste the code and follow the suggested steps.
  2. In the Select Certificate file (.pfx) field, upload the certificate file that you assigned to the application registration in Microsoft Entra ID.
  3. In the Password (Optional) field, only type the password if you have exported the certificate with password protection enabled.
  4. Click Import.