Veeam Support Knowledge Base
The HTTP request was forbidden with client authentication scheme

The HTTP request was forbidden with client authentication scheme

KB ID:	4796
Product:	Veeam Data Cloud for Microsoft 365 Veeam Backup for Microsoft 365
Published:	2025-11-25
Last Modified:	2026-03-27

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

Oops! Something went wrong.

Please, try again later.

Issue Recurrence

As of March 24th, 2026, new occurrences of this issue have been reported. Veeam and Microsoft are working together to isolate and resolve the issue. Further updates will be provided as more information becomes available.

Update 2026-03-26
It appears some cases may be related to preemptive disablement of EWS access. Please review "Control access to EWS in Exchange" and manually configure EWS access using PowerShell.

Note: The default value for Get-OrganizationConfig -EwsEnabled is $null. We recommend you set this to Set-OrganizationConfig -EwsEnabled $true until the phase-out period to avoid possible service interruptions.

Latest Deprecation Information

Microsoft has announced that, as of the end of June 2026, EWS access will be deprecated for the following licenses:

Exchange Online Kiosk
Microsoft 365 and Office 365 F1
Microsoft 365 and Office 365 F3

For more information, see: Update to EWS Access for Kiosk/Frontline Worker Licensed Users.

Challenge

Microsoft 365 backups display the following error:

The HTTP request was forbidden with client authentication scheme 'Anonymous'.

This error typically occurs when specific mailboxes are accessed during backup jobs.

Cause

Following a coordinated investigation with Microsoft, we have confirmed that certain subscription plans, such as Exchange Online Kiosk and similar limited-service SKUs, may not support the API required by Veeam Backup for Microsoft 365.

As a result, calls to the API return an HTTP 403 Forbidden error, causing backup jobs to fail.

Solution

Status: This issue is resolved as of December 2025.
Issue Root Cause: Mailboxes licensed with Exchange Online Kiosk, Microsoft 365, and Office 365 F1, and Microsoft 365 and Office 365 F3, were temporarily blocked from accessing the API used by Veeam for backup operations. The access has been restored, and the issue has been resolved.

For more information, please refer to the following Microsoft article: Update to EWS Access for Kiosk / Frontline Worker Licensed Users.

Veeam R&D continues to work closely with Microsoft on the upcoming deprecation of the EWS API. A future update will address these changes. A Veeam Support Statement regarding EWS deprecation is available on KB4820.

If this KB article did not resolve your issue or you need further assistance with Veeam software, please create a Veeam Support Case.

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

Product

Topic

Description

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

I would like to receive a follow-up email regarding my feedback

Verify your email to continue your product download

We've sent a verification code to:

An email with a verification code was just sent to

Didn't receive the code? Click to resend in sec

Didn't receive the code? Click to resend

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.