We backup all of our O365 group mailboxes with the exchange mailbox agent and the dynamic content „All O365 group mailboxes“.
We configured modern authentication.
If a backup is running, then commvault will add the service account as a member to every O365 group without an owner or only disabled owners. This does not happen for groups with a valid owner.
Can anyone explain, why this happens?
In the job log I found only „GetO365GroupOwnerAny - Found 0 owners for groups“.
Best answer by Henry LayView original
When using Modern Authentication, the archive job will only use the Azure App. There is no need to add a service account. This was resolved from Feature Release (FR) 20. What FR or SP (Service Pack) is your access node on?
Are you seeing in O365, that the service account gets added or were you checking the logs and noticed that log line?
Our access node is on 11.22.3.
I checked the Azure AD log and found that one service account (we have 10) was added to some O365 groups.
I checked the groups and all affected groups have no valid (activated and not guest user) owner and member - only the CV service account is member now.
Thank you for that additional info. Sounds like you’ve got some orphaned groups. I’ll do some digging on this behaviour and will get back to you on this.
I received confirmation for any Groups without members (regardless of having an owner or not), we will add the service account as a member to it to try and back it up. This is expected behaviour.
Thanks for confirmation!
Do you know the reason this is being done?
Not a problem. It’s done this way to be able to backup the orphaned group (group with no members).