M365 Backup - Deprecated MFA ID - Reauthorization Guide

Kaitlyn Johnson
Kaitlyn Johnson
  • Updated

Overview

The huge number of M365 users worldwide is an opportunity for us to provide email backup at the enterprise level. Dropsuite has developed a specific feature called M365 Backup in the End-User portal to accommodate it. In general, there are two flows that users can opt for while adding M365 Backup: by using Global Admin or by utilizing Service Principal Authentication (SPA), which was launched in early 2024.

M365 Backup may appear slightly more complex than other backup methods, such as IMAP. However, this complexity is not arbitrary. This is a form of compliance regulation, including security, as M365 Backup is integrated with the wider Microsoft ecosystem.

M365 Backup through Global Admin requires a device authorization setup. During this step, our system uses an Azure-based identifier (in other words, the App ID) for certain backup functionalities. Unfortunately, Microsoft has announced the deprecation of this App ID effective March 31, 2024 that impacts several features which require device authorization, such as journaling, public folder backup, and Group restore.  Information on this from the Microsoft side can be found HERE.

We are in the process of making some adjustments before the deadline (March 31, 2024), including an enhancement scheduled for release on March 18, 2024. We have removed the device authorization step for every new M365 Backup addition and replaced it with a new Exchange App that consists of necessary delegated permission. Meanwhile, the existing users who have already backed up M365 will need to complete a re-authorization.

We are committed to providing a smooth transition and best user experience. We kindly request your cooperation in informing your clients of this new process. Within this guide, you will discover the impact of deprecated App ID, the new way of adding M365 Backup, and some potential FAQs.

 

Getting Started

As a partner, you will get an email notification about the deprecated MFA App ID on March 18, 2024. Simply log in to your partner portal, find which clients are impacted by this case, then start to reauthorize M365 accounts by impersonating their login or instructing clients to reauthorize by themselves.

 

Improvements made for M365 accounts that use the Global Admin Flow

This section will explain the impact on M365 accounts that use the Global Admin flow for both existing and new. Follow these steps in how to reauthorize the existing M365 accounts:

1. Log in to the End-User portal

2. You will find the "Re-authorization Required" banner. Click the Go To Credential Settings button.

3. The system will redirect you to the Credential Settings page, then click the Re-Authorize button.

4. The system redirects you to the Microsoft landing page, then select the correct global admin email account. The global admin here refers to the email created by our system when the M365 Backup was first added.

5. Once it is successful, the system will show a green banner.
6015ca98-e106-43c4-a602-509651c9d542.jfif

 

 

M365 Backup With Service Principal Authentication (SPA) Flow

Unlike the M365 Backup with Global Admin, the M365 Backup with SPA flow is unaffected by the deprecated MFA App ID. Therefore, we highly recommend that users currently using M365 Backup with Global Admin migrate to M365 Backup with SPA as soon as possible for a better approach.

 

FAQs

What is the MFA App ID?

The MFA App ID, or Multi-Factor Authentication App ID, is a unique identifier assigned to a specific application that uses Multi-Factor Authentication. It enables administrators to manage exchange online resources via Exchange Online PowerShell.

 

Why is Microsoft planning to deprecate the App with ID a0c73c16-a7e3-456-9a95-2bdf47383716?

This App ID was specifically designed for the Exchange Online PowerShell v1 module, which has been deprecated by Microsoft.

 

When will Microsoft Deprecate MFA App ID?

March 31, 2024

 

Which Dropsuite's features are specifically affected by this issue?

For backups relying on Global Admin authorization, you won't be able to:

1. Adjust Dropsuite's Archiving product settings.

2. Perform Public Folder backups or restores.

3. Perform M365 Groups restores.

For backups relying on Service Principal Authentication (SPA), manual intervention will be necessary if Archiving configuration needs to be rebuilt.

 

Which Microsoft Tenants using Dropsuite services are affected by this issue?

All Tenants under Dropsuite service who are using the Global Admin flow.

 

What updates are made on the Dropsuite side?

Updates on the Dropsuite side:

  • A new application that consists of Exchange.Manage delegated permissions for Office365 Exchange Online
  • The existing Exchange Online App will be replaced by the new app, so customers need to re-authorize the new app
    • Authorization for Exchange.Manage allows the application to manage the organization's Exchange Environment, such as mailboxes and groups, without user interactions.
  • After re-authorization, users will be able to continue backup operations using the new app.

 

When will the update be released?

March 18, 2024

 

How will the user notice this update?

Partner users will be emailed about the deprecated MFA App ID.  On the other hand, end users will find a "Re-Authorization Required" banner on their dashboard page.

 

Will the banner be shown by the system until March 31, 2024?

The system will consistently show the banner until March 31, 2024.  Once you close the banner it will appear when you return to the dashboard page or when you log in again.

 

Why is Dropsuite asking you to take action on this matter?

Dropsuite wishes to prevent any impacts on the service we provide. Please see the details of the affected features.

 

What should partners do in order to prevent issues caused by the deprecated MFA App ID?

Partners should follow recommended steps for re-authorization or communicate said steps to appropriate end customer personnel.

 

Does this change affect any regular backup schedules from the past or planned for the future?

If tenants have already taken action based on our recommendation, there is no impact to the backup operations. However, if tenants do not take any action, there will be impact to the features as mentioned before.

 

 

Related to

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request