Skip to content
11:11 Systems
Rethink Connected
11:11 Systems11:11 Systems
  • Why 11:11
    • Submenu
      • Column 1
        • Cloud Console
          Cloud Console
          Compliance
          Compliance

      • Column 2
        • Global Regions
          Cloud Regions
          Catalyst
          Planning and Assessment

      • WHY CHOOSE 11:11
      • Overview
      • Leadership
      • News & Media
      •  
      • Careers
      • Technology Partners
      • Customer Stories
  • Products & Services
    • Products & Services
      • CLOUD
      • Cloud Overview
      • Public Cloud
      • Private Cloud
      • Object Storage
      • Cloud Labs
      • Colocation/Bare-Metal
      • BACKUP
      • Backup Overview
      • Veeam Backup
      • Microsoft 365 Backup
      • Managed Backup for Cohesity
      • DISASTER RECOVERY
      • DRaaS Overview
      • DRaaS for Veeam
      • DRaaS for Zerto
      • DRaaS for Azure
      • Autopilot
      • SECURITY
      • Security Overview
      • Continuous Risk Scanning
      • Managed SIEM
      • Managed EDR
      • Managed Firewall
      • CONNECTIVITY
      • Connectivity Overview
      • SD-WAN
      • Multi-Cloud Connect
      • Managed IP
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Partner Portals
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • White Papers
      • Podcast
      • Data Sheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Product Documentation
      • API Documentation
Search:
  • Console Login
  • Contact
Header Right Menu
Free Trial
  • Why 11:11
    • Cloud Console
    • Compliance
    • Cloud Regions
    • Planning and Assessment
    • WHY CHOOSE 11:11
    • Overview
    • Leadership
    • News & Media
    • Careers
    • Technology Partners
    • Customer Stories
    • Blog
  • Products & Services
    • CLOUD
    • Cloud Overview
    • Public Cloud
    • Private Cloud
    • Object Storage
    • Cloud Labs
    • Colocation/Bare-Metal
    • BACKUP
    • Backup Overview
    • Veeam Backup
    • Microsoft 365 Backup
    • Managed Backup for Cohesity
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS for Veeam
    • DRaaS for Zerto
    • DRaaS for Azure
    • Autopilot
    • SECURITY
    • Security Overview
    • Continuous Risk Scanning
    • Managed SIEM
    • Managed EDR
    • Managed Firewall
    • CLOUD CONNECTIVITY
    • Connectivity Overview
    • SD-WAN
    • Multi Cloud Connect
    • Managed IP
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • Column 2
  • Partners
    • Overview
    • Become a Partner
    • Partner Portals
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Podcast
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Success Center
    • API Documentation
  • Contact
  • Console Login
  • Free Trial
Tags: MFAVBRpreviewmulti-factor authenticationVBR v12Veeam 12securityVeeam
Author: Jim Jones
Date: February 7, 2023

Veeam 12 Preview: Multi-Factor Authentication

With  ransomware  and cybersecurity attacks  in the news almost daily, disaster recovery applications are looking to features that take defense and protections very seriously. Often the easiest rung to reach in terms of good application security is having Multi-Factor Authentication (MFA) required for logins. For many people, MFA is old hat, but for those who are unfamiliar with it, modern MFA can take various forms. Here are some examples:

  • SMS Authentication: includes codes that are pushed from the website to you via SMS text messages. This is better than not have any security at all, but it is also easily spoofable.
  • OTP Apps: includes apps such as Google Authenticator, Authy or 1password that provide the codes based on scanning a QR code typically to setup then using your mobile device to generate the code
  • Push MFA: apps such as Duo or Gmail that when you authenticate it triggers a push notification to a particular instance of a mobile app that is also authenticated

With Veeam Backup and Replication v12 upcoming release, Veeam is now supporting OTP App MFA in their console application. This takes a little bit of setup. In my particular experience, it is a little quirky, but it does definitely work. Let’s walk through how to put this in effect.

How to Enable MFA in VBR v12

  1. Once you have v12 Console installed, either the local or remote version, open it and navigate to Users and Roles.
  2. MFA in VBR is not supported with any use of groups. By default, members of the local Adminstrators group are given the Veeam Backup Administrator role. So we need to start by adding your own login first. You can do this with the Add button.

    If you weren’t already aware, you should notice that there are number of roles that can be selected. More information about what each of these can do is available in the HelpCenter documentation.NOTE: One thing I’ll add here is that I noticed a quirk in some of our setups. If you use the browse method — and if for some reason the NetBIOS domain is not just the portion before the first dot in the FQDN domain (for example prem for prem.lab.internal) — then by default the User or group in the blank above is filled in incorrectly. In a few of our test environments, we are using the full FQDN without the dots as the NetBIOS name. This led to some issues that were easily fixed by just typing the correct domain in the blank. This feedback has been shared and I imagine it will be fixed before GA.If by chance you do NOT remove the groups before enabling MFA and then hit OK, you will receive an error message. Again, simply remove the groups to get past this error.
  3. It is important to understand that once you protect an account with MFA you will not be able to use it with automation methods such as PowerShell. To allow for this you will need to create an automation specific user, preferably with a very robust and often changed password, and set it in VBR as a service account to disable MFA. Complete adding your needed users and check the “Require two-factor authentication for interactive logon” to complete the server setup portion.
  4. Once you setup your accounts in Veeam Console, you will need to close out and relaunch to get into the MFA registration wizard. You would do this as you normally would, either using Windows session authentication or filling in the username and password.
  5. Once you hit Connect, you will get the standard MFA QR code for registration. Simply open the app of your choice and add by scanning the QR code, and then supply an active confirmation code to complete setup.

And with that you have now enabled two-factor authentication for your Veeam Backup and Replication users. You can potentially increase this further by not giving permissions to the user’s Windows logon account but instead doing a secondary, application-specific account, making them type in a username and password follow Step 4 above. In that scenario, you would have to authenticate to Windows, authenticate to Veeam and then provide an MFA code. That would all just depend on your organization’s security needs.

At the end of the day, security practices should be a part of everything we do as IT and Disaster Recovery administrators. Little things like requiring MFA for our critical backups add up to a well-designed, layered security model.

Categories: Cloud Backup, Cybercrime, Ransomware, Security, VeeamBy Jim JonesFebruary 7, 2023
Tags: MFAVBRpreviewmulti-factor authenticationVBR v12Veeam 12securityVeeam

Author: Jim Jones

Jim Jones is a Senior Product Infrastructure Architect on 11:11 Systems' Product Innovation team. He has more than 20 years of experience working as a SysAdmin in the SMB and Service Provider space. Jim has certifications from Cisco Systems, Cohesity, Veeam, and VMware. He is also a member of Cisco Champions, Veeam Vanguard, and VMware vExpert programs. You can follow him online on most platforms as k00laidIT. Jim's personal blog is https://koolaid.info.

Post navigation

PreviousPrevious post:Veeam 365 Backup v7 BETA: SaaSy ImmutabilityNextNext post:Building a Championship-Caliber Data Security Strategy

Related Posts

Protecting Microsoft Teams Channel Chat Data: Are You Prepared?
March 15, 2023
Security
You Can’t Win: Learning to Live with Security Pessimism
March 13, 2023
Veeam 12
Veeam 12: Appropriate Direct to Object Storage Use Cases
February 15, 2023
Building a Championship-Caliber Data Security Strategy
February 15, 2023
Veeam 12
Veeam 12 Preview: Veeam Cloud Connect Backup vs. Object Storage
February 14, 2023
Veeam 365 Backup v7 BETA: SaaSy Immutability
February 2, 2023
PRODUCTS & SERVICES
  • Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Connectivity Solutions
  • Compliance
COMPANY
  • Why 11:11
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD REGIONS
  • North America
  • EMEA
  • APAC
CONNECT
  • LinkedIn
  • Twitter
  • Facebook
  • Youtube

© 2023 11:11 Systems Inc., All Rights Reserved | Privacy Notice

Go to Top
PRIVACY POLICY AND COOKIE CONSENT
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}
PRIVACY POLICY AND COOKIE CONSENT
To provide the best experiences, we use technologies like cookies to store and/or access device information that allows us to process data such as browsing behavior. Not consenting or withdrawing consent, may adversely affect certain features and functions. By clicking Accept, closing this message, or continuing to browse, you consent to these technologies and accept our Privacy Notice.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}