It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Azure MFA Requirements for Microsoft CSPs

  • Last updated on

This article applies to a Barracuda Message Archiver with a Microsoft Cloud Solution Provider account. Note that this is not a common setup.

Starting August 1, 2019, all Microsoft Cloud Solution Providers (CSPs) must use multi-factor authentication for all users, including service accounts, in their partner tenant.

For more information, see Partner Security Requirements.

Required use of multi-factor authentication (MFA) impacts all Barracuda Networks partners who are Microsoft CSPs and who configure Azure AD in Barracuda Cloud Control. Barracuda Cloud Control does not yet support the use of Azure MFA, which causes login failures if Azure MFA is enabled or required. As a workaround to bypass MFA, you can configure a conditional access policy in Azure AD for users signing in from trusted IPs or create an app password to allow apps access to your Microsoft 365 account.

Conditional Access Policy

To configure a conditional access policy and enable trusted IPs, refer to the section on Trusted IPs in the Microsoft support article Configure Azure Multi-Factor Authentication settings.

Contact your system administrator to obtain the external IPs necessary to create the conditional access policy.

App Password

If you are using Barracuda Message Archiver firmware version 5.3 or higher, set up Exchange Integration jobs with Exchange Online using EWS instead of a service account with an app password. See Configure Microsoft Exchange Online Email Import Using EWS.

To generate an app password to connect apps to Microsoft 365, refer to the Microsoft article Create an app password for Microsoft 365. Using an app password allows Barracuda to run Exchange Integration jobs without the need to authenticate with MFA.