• +1 (302) 476 2350
  • info@replacemagic.com

How To...

SharePoint Multi-Factor Authentication and 3rd party applications

Download ReplaceMagic Videos: How to use ReplaceMagic

In case that you are using MFA (multi-factor authentication) on your SharePoint (users have to provide username and password but might also, for example, get text message on their phones) you will need to configure app passwords.

How to configure application password?

To be able to use MFA for third party applications you will need to create application password and to do that, when you log to your SharePoint, click on your username and select option My Account where you'll need to go to the Security & Privacy and then to "Create and manage app password" where you can create application password.

Save this password as later when you go to ReplaceMagic you’ll have to use it instead of your normal password.

How to login when MFA is enabled and you have application password?

Important: in case that you were in ReplaceMagic when creating app password before you can use it please close ReplaceMagic and start it again!

In ReplaceMagic go to the form where you can add SharePoint site and as a username use your normal username but password has to be application password that you generated and approved in SharePoint:

As Authentication mode try first "SharePoint Online (Office 365)":

or if that does not work properly then try "Multi-factor authentication (BETA)":

On some cases might happen that browser window that will appear when selecting MFA authentication mode is gone without option to enter anything there. In that case it helped us when we in SharePoint Admin under users and Multi-factor authentication we selected:

Btw. same approach is also for other applications if you want to connect them to your SharePoint and you are using MFA.. Source: https://support.office.com/en-us/article/create-an-app-password-for-office-365-3e7c860f-bda4-4441-a618-b53953ee1183

Legacy authentication mode: Per default ReplaceMagic is using legacy authentication mode (parameter SharePoint LegacyAuthenticationMode under Configuration => SharePoint) but it might happen that legacy authentication mode cannot be used as it is disabled by your SharePoint administrators. In case that we try to use it and it is disabled we will not be able to upload changed documents.

To check current value of parameter LegacyAuthProtocolsEnabled ask you SharePoint administrators or go to PowerShell command mode (you might need to install it. Download link is : https://www.microsoft.com/download/details.aspx?id=35588) and run code:

Connect-SPOService -Url "https://tenant-admin.sharepoint.com";
$TenantSettings = Get-SPOTenant;

After pressing Enter you will see if parameter is set to true or false.
For example, on our SharePoint.Online tenant we have this parameter set to True:

Which means that we are allowing legacy authentication mode.

In case that it is set to False please check that ReplaceMagic parameter "SharePoint LegacyAuthProtocolsEnabled" is also set to False as, like previously written, it might happen that we cannot upload changed documents (Microsoft limitation). Other approaches are to talk to your SharePoint admins to either temporary set this parameter to true or to create policy where user running ReplaceMagic will get exceptional approval to have this parameter set to true.

Approach 1 (change of parameter to true): PowerShell command to change value of LegacyAuthProtocolsEnabled is:

Set-SPOTenant -LegacyAuthProtocolsEnabled $false or
Set-SPOTenant -LegacyAuthProtocolsEnabled $true

Keep in mind that after you make change of this parameter it might take some time until it is not active (might take from few minutes to few hours) and change will have global effect.

Approach 2 (exceptional policy for ReplaceMagic): More infos how to create exception policy can be found over: https://www.liktorius.com/2019/07/17/prevent-azure-legacy-auth-for-veeam-vbo-365 We tested this approach with our customers and it worked.

Approach 3 - usage of SharePoint App-Only authentication mode. To see how to configured it please read article "Granting access using SharePoint App-Only (use when Legacy Authentication is not allowed)"

Download ReplaceMagic Videos: How to use ReplaceMagic

Main drivers for ReplaceMagic in combination with SharePoint:

  • Native integation with SharePoint (On-Premise and Onsite)
  • ReplaceMagic will keep main document properties
  • ReplaceMagic relies on SharePoint configuration
  • Good performances
  • Competative price for customers

In case of any questions please do not hesitate to contact us.