SiteManager - b8.0.6524 - does not work with Microsoft Accounts and modern authentication


SiteManager - b8.0.6524 - does not work with Microsoft Accounts and...
Author
Message
Karl Wester-Ebbinghaus
Karl Wester-Ebbinghaus
Proficient Member
Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)
Group: Forum Members
Posts: 98, Visits: 186
Usecase:
use site manager to manage my MR Home installations / backup / restore overview.
I am using Windows 10/11 with MSA (Microsoft Accounts) and modern authentication such as Windows Hello

As per https://knowledgebase.macrium.com/display/MSM/Site+Manager+Access#SiteManagerAccess-ManagingLoginProviders Site Manager does only allow "legacy" authentication for local users outside Active Directory. 
MSA cannot be authenticated even though they exist in the local user list and have a password.

If I create a normal local user which is part of the administrators group, this one can authenticate to Site Manager.
Problem: having a local user part of the admin group with legacy authentication is quite a risk.

Similar issues exist if one uses Site Manager with MSBSA (Microsoft Business / School Accounts) as part of an Azure only Domain.
Hereby I request to review the existing methods and consider to enable Site Manager with modern authentication. Example: KeepassXC lately implemented a MFA authentication next to a password using Windows Hello, so there seems to be a way for such kind of authentications.
Alex
Alex
Macrium Representative
Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)
Group: Macrium Moderators
Posts: 318, Visits: 1.1K
alQamar - 24 June 2022 7:40 PM
Usecase:
use site manager to manage my MR Home installations / backup / restore overview.
I am using Windows 10/11 with MSA (Microsoft Accounts) and modern authentication such as Windows Hello

As per https://knowledgebase.macrium.com/display/MSM/Site+Manager+Access#SiteManagerAccess-ManagingLoginProviders Site Manager does only allow "legacy" authentication for local users outside Active Directory. 
MSA cannot be authenticated even though they exist in the local user list and have a password.

If I create a normal local user which is part of the administrators group, this one can authenticate to Site Manager.
Problem: having a local user part of the admin group with legacy authentication is quite a risk.

Similar issues exist if one uses Site Manager with MSBSA (Microsoft Business / School Accounts) as part of an Azure only Domain.
Hereby I request to review the existing methods and consider to enable Site Manager with modern authentication. Example: KeepassXC lately implemented a MFA authentication next to a password using Windows Hello, so there seems to be a way for such kind of authentications.

Hi,
Site Manager does allow for Microsoft Accounts created on local computers - it should be possible to login as either the email address ([email protected]) or the 'shadow' username created on the computer for these accounts (COMPUTER\Username). The more advanced logins via Windows Hello are more problematic as the login attempt is made via the web browser through the Site Manager server - this would make things like facial recognition extremely difficult to achieve. We are looking at ways to improve this, but it's only at the investigation stage right now.

For Azure AD login, we currently use LDAP (and LDAPS) to manage active directory logins of all sorts. If LDAPS is configured in Azure AD , it would be possible to use with Site Manager by creating a manual domain provider.


Kind Regards,

Alex

Macrium Development

Next Webinar

See our reviews on

Trustpilot Logo
Trustpilot Stars


Karl Wester-Ebbinghaus
Karl Wester-Ebbinghaus
Proficient Member
Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)
Group: Forum Members
Posts: 98, Visits: 186
Hi Alex, thanks for your honest feedback. I have tried both the [email protected] format aswell as the shadow account which is then NETBIOSNAME\usern
I will try once more and report back to exclude this is a layer 8 issue Smile

Alex
Alex
Macrium Representative
Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)Macrium Representative (613 reputation)
Group: Macrium Moderators
Posts: 318, Visits: 1.1K
alQamar - 30 June 2022 8:02 PM
Hi Alex, thanks for your honest feedback. I have tried both the [email protected] format aswell as the shadow account which is then NETBIOSNAME\usern
I will try once more and report back to exclude this is a layer 8 issue Smile

Please let me know how you get on - if you continue to have problems, our support or dev teams can try to recreate your setup and see if we can get it working.

Kind Regards,

Alex

Macrium Development

Next Webinar

See our reviews on

Trustpilot Logo
Trustpilot Stars


Karl Wester-Ebbinghaus
Karl Wester-Ebbinghaus
Proficient Member
Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)Proficient Member (219 reputation)
Group: Forum Members
Posts: 98, Visits: 186
I have tested it again,

netbiosname\usern
password
workgroup

works for the Agent installation. I suppose this would also work for the SM authentication.

the MSA Email address works as well. You must specify a domain which is "workgroup" in non ADDS domain joined / or Azure AD joined computers, this is what I missed last time.
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Reading This Topic

Login

Explore
Messages
Mentions
Search