The HTTP request was forbidden with client authentication scheme
Challenge
Microsoft 365 backups display the following error:
The HTTP request was forbidden with client authentication scheme 'Anonymous'.
This error typically occurs when specific mailboxes are accessed during backup jobs.
Cause
Following a coordinated investigation with Microsoft, we have confirmed that certain subscription plans, such as Exchange Online Kiosk and similar limited-service SKUs, may not support the API required by Veeam Backup for Microsoft 365.
As a result, calls to the API return an HTTP 403 Forbidden error, causing backup jobs to fail.
Solution
This issue is resolved. Mailboxes licensed with Exchange Online Kiosk, Microsoft 365 and Office 365 F1, and Microsoft 365 and Office 365 F3, temporarily blocked access to the API used by Veeam to perform backup operations. The access has been restored, and the issue has been resolved.
For more information, please refer to the following Microsoft article: Update to EWS Access for Kiosk / Frontline Worker Licensed Users
Veeam R&D continues to work closely with Microsoft on the upcoming deprecation of the EWS API. A future update will address these changes.
If this KB article did not resolve your issue or you need further assistance with Veeam software, please create a Veeam Support Case.
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please, try again later.