Troubleshooting: "401 Unauthorized Error" for M365 Backup & Archive

The following is a list of possible causes, and the resolutions to each of them:

1. Your organisation has been set to 'auto-decommission' by Microsoft

Microsoft have begun decommissioning organisations using legacy authentication. The permissions/settings required to onboard organisations can be revoked due to this, and will need to be reversed. Please visit this article which outlines how to reverse this decommissioning, through opting-out of certain protocols. 

  1. Please opt out of any protocol mentioning 'EWS' and
  2. Please opt-out of 'Remote Powershell'

2. Not enough time has passed since applying permission/policy changes

Microsoft can take up to 1 hour for any newly implemented policies or changes to take affect. To proceed, allow 1 hour to pass, and re-enter the credentials into Probax Hive.

3. Incorrect Credentials entered into Hive

Incorrect credentials can produce a 401 Unauthorized error. Some of the most common mistakes include:

  • Mistakenly swapping the Application Password and Application Secret.
  • Misspelling the email address.
  • Inserting the incorrect Application Password (App Password).

Please confirm the credentials are correct and review the Knowledge Base article "M365 Backup & Archive Setup", wherein the credentials to be entered into Hive are discussed in detail.

4. Policy "Apps that don't use modern authentication" is disabled

In your SharePoint Online admin centre under the "Policies" tab, select "Access control". Under this heading, choose the "Apps that don’t use modern authentication" option and confirm this has been set to "Allow".

apps that dont use modern auth

5. Security Defaults is set to "Yes" 

Microsoft utilizes the Security Defaults section to automatically increase the basic security of organizations, which can cause Microsoft to block legacy authentication. To proceed, set this option to "No".

6. Conditional Access Policy

There can be instances where the conditional access policy in place can restrict access to the organization in question, that will need to be disabled to allow access to this organization. In the event that these cannot be disabled, please reach out to our support team and we will provide you with the appropriate IP addresses to add to the exclusion list.

7. Authentication policy 

Please ensure you have followed the authentication procedures outlined for:

  1. Simple Authentication setup (Step 12)
  2. Multi Factor Authentication setup (Step 15)
     
For technical support questions, please contact  support@probax.io
For sales and product information, contact your Partner Manager.