Skip to main content
Solved

Office 365 & AzureAD authentication methods


Forum|alt.badge.img+1

We want to configure backups for Office 365 & AzureAD.

According to the documentation the most secure method currently available is by registering (multiple) apps which can be configured manually or automatically when using a global admin with temporary MFA disabled.

The only possible authentication method seems to be clients secrets which is better than service accounts for sure, but I wouldn’t call it the most secure method either.

Not sure if (Azure) conditional access can be applied to the app registrations.

Is there any other way possible, such as certificates or even managed identities ?

It seems Commvault has possibilities in that direction but only for Azure VM’s.

Kind regards,

Tom

Best answer by Chris Hollis

Hi @Tom Pirot

Thanks for your patience.

Received confirmation our develpoment team are working on adding support for certification based authentication - currently in the R&D phase with no timeline available for me to share. 

Currently, the only supported method is via azure apps with secret keys.

If you’d like, you can create a Change Modification Request via this process: https://documentation.commvault.com/2022e/essential/133935_creating_customer_modification_request_from_commcell_dashboard.html - you can then track it’s progress.

I hope this helps and thanks again!

 

Regards,

Chris
 

View original
Did this answer your question?

4 replies

Chris Hollis
Vaulter
Forum|alt.badge.img+15

@Tom Pirot 

Good question, I don’t see anything about this at the moment however i’ll see if I can find out and get back to you in the coming days.

Thanks,

Chris 


Chris Hollis
Vaulter
Forum|alt.badge.img+15
  • Vaulter
  • 333 replies
  • Answer
  • April 11, 2023

Hi @Tom Pirot

Thanks for your patience.

Received confirmation our develpoment team are working on adding support for certification based authentication - currently in the R&D phase with no timeline available for me to share. 

Currently, the only supported method is via azure apps with secret keys.

If you’d like, you can create a Change Modification Request via this process: https://documentation.commvault.com/2022e/essential/133935_creating_customer_modification_request_from_commcell_dashboard.html - you can then track it’s progress.

I hope this helps and thanks again!

 

Regards,

Chris
 


Forum|alt.badge.img+1
  • Author
  • Bit
  • 3 replies
  • April 24, 2023

Thanks @Chris Hollis !


Forum|alt.badge.img+2
  • Bit
  • 3 replies
  • September 12, 2024

Any update on this topic? 

We’re currently trying to configure bacups of our Azure SQL Instance and the config still requires either a local SQL account or an Entra Account.  SQL Local accounts are disabled by default and we have MFA enforced on the entra accounts.  So, we’d need a security exclusion to disable this for our Entra account.  not good.  I tried to use certificate auth on the service account but this also looks to not be an option during configuring the backups.

Ultimately we’d like to simply use a Service Principal to login with.  

Any feedback on the current status would be greatly appreciated.

Shaun


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings