The Veeam Data Platofrm 23H2 update was released on Tuesday December 5th, 2023.
11 products received updates, including Veeam Backup & Replication v12.1, Veeam ONE v12.1, Veeam Recovery Orchestrator 7, Veeam Agent for Windows 6.1, Veeam Agent for Linux v6.1, Veeam Agent for Oracle Solaris v4.1, Veeam Agent for IBM AIX v4.1, Veeam Agent for Mac 2.1, Veeam Backup for AWS v7, Veeam Backup for Microsoft Azure v6 and Veeam Backup for Google Cloud v5.0.
The focus of this release is on security, with features like Inline Malware Scan, Four eyes authorization. Additionally, the best practices analyzer is not whe Security & Compliance Analyzer. Veeam ONE v12.1 now offers a Threat Center Dashboard that provides a central view on the data protection security status.
v12.1 is touted as the biggest minor release in the history of Veeam Backup & Replication (VBR) and it sure offers a lot of new functionality: It's What's New documentation spans 24 pages. Not every feature is as interesting as other features, so I decided to provide you with the five features that sparked my interest as an Identity admin:
Sensitive data protection
Saved credentials stored in the configuration database in an encrypted form using Microsoft Data Protect API (DPAPI) are now additionally protected with a randomly generated entropy value providing additional key derivation. This entropy is stored in the backup server registry key only accessible to the Local Administrators group, providing protection against attacks by unprivileged users and processes.
However, a newly installed backup server cannot decrypt such information if attached to the existing database, so any encrypted information must be supplied manually. To work around this, use the configuration backup and restore functionality for backup server migrations.
Restore mailbox to any domain from Enterprise Manager
Backup admins can now restore Microsoft Exchange items to any domain. To enable this option, select the corresponding checkbox in the Active Directory account settings and the restore wizard will prompt you for the admin credentials of the desired domain.
Gmail and Microsoft 365 email notifications
For Veeam Explorer email notifications, in addition to basic SMTP servers, v12.1 now supports Google Gmail and Microsoft 365 with their OAuth 2.0 protocol-based secure authorization and access-token-based authentication.
Entra ID authentication to Object Storage
Backup admins can now leverage service principals (application registrations) to access Microsoft Azure Blob Storage resources, which is a more secure approach recommended by Microsoft over using shared keys.
Google Service Credentials for the Backup server's REST API
Backup server REST API has been expanded with support for Google Cloud Platform (GCP) service account credentials in REST API. Backup admins can specify a JSON account key generated by Google Cloud and use it in their resources.