Loading...
Loading...
Microsoft 365 backups display the following error: The HTTP request was forbidden with client authentication scheme 'Anonymous'. This error typically occurs when specific mailboxes are accessed during backup jobs.
It was confirmed on March 27th, 2026, that Microsoft recently applied a patch to correct how Exchange Online enforces Exchange Web Services (EWS) access. Previously, some environments were able to access mailboxes via EWS even when it was not explicitly enabled (i.e., $Null status). After Microsoft corrected this behavior, EWS must now be explicitly enabled at both the organization and mailbox levels for backups to succeed. For more information, please reference: The way to control EWS usage in Exchange Online is changing For details about the occurrence of this issue from December 2025, please refer to the More Information section at the bottom of this article.
Microsoft provides training resources for utilizing PowerShell to manage Exchange Online: Microsoft Learning Center: Manage Exchange Online by using Windows PowerShell
Similar Issue from December 2025 Challenge Microsoft 365 backups display the following error: The HTTP request was forbidden with client authentication scheme 'Anonymous'. This error typically occurs when specific mailboxes are accessed during backup jobs. Cause Following a coordinated investigation with Microsoft, we have confirmed that certain subscription plans, such as Exchange Online Kiosk and similar limited-service SKUs, may not support the API required by Veeam Backup for Microsoft 365. As a result, calls to the API return an HTTP 403 Forbidden error, causing backup jobs to fail. Solution Status: This issue is resolved as of December 2025.Issue Root Cause: Mailboxes licensed with Exchange Online Kiosk, Microsoft 365, and Office 365 F1, and Microsoft 365 and Office 365 F3, were temporarily blocked from accessing the API used by Veeam for backup operations. The access has been restored, and the issue has been resolved. For more information, please refer to the following Microsoft article: Update to EWS Access for Kiosk / Frontline Worker Licensed Users. Veeam R&D continues to work closely with Microsoft on the upcoming deprecation of the EWS API. A future update will address these changes. A Veeam Support Statement regarding EWS deprecation is available on KB4820.
Veeam Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.