Microsoft 365 Backup Module for CloudBacko Pro
Last Revision: 28th June 2022
Applicable CloudBacko Version: v5.3.2
To achieve the optimal performance when CloudBacko Pro is running on your machine, refer to the following article for the list of hardware requirements.
CloudBacko Pro's Hardware Requirement List
Make sure the operating system where you have the Microsoft 365 installed is compatible with CloudBacko Pro. Refer to the following article for the list of compatible operating systems.
CloudBacko Pro's Supported Operating Systems
For agent-based backup and restore, make sure that the latest version of CloudBacko Pro is installed on your computer with Internet access for connection to your Microsoft 365 account.
Users should also stay up to date when a newer version of CloudBacko Pro is released. To get our latest product and company news through email, please Follow us on Facebook.
To optimize performance of CloudBacko Pro on Windows, you need to avoid conflict with your antivirus software. Refer to Exclusion of CloudBacko in your Antivirus software for details.
To avoid an unexpected Java crash, if the Windows machine is a guest VM hosted on a VMware host, it is highly recommended that the VMware Tools version installed on the guest VM be 10.0.5 or above.
Below is the warning message that will be displayed if the version of the VMware Tools is less than 10.0.5.
CloudBacko Pro licenses are calculated on a per device basis:
i. To backup users with one (1) backup client computer
Example: If one CloudBacko Pro is installed, then one CloudBacko Pro license is required.
ii. To backup users with multiple backup client computers, the number of CloudBacko Pro licenses required is equal to the number of devices.
Example: If there are ten (10) users to be backed up with three (3) backup client computers, then 3 CloudBacko Pro licenses are required.
Make sure that enough Microsoft 365 Backup modules have been purchased in your CloudBacko Pro license to cover the backup of your users.
The licenses for the Microsoft 365 module are calculated by the number of unique Microsoft 365 accounts.
If you are trying to backup SharePoint Sites under the Site Collections and/or files or folders under Public Folder, only one Microsoft 365 license module is required.
However, if you are trying to backup Items from Outlook, Items from OneDrive, Personal Sites under Users, the Microsoft 365 license count will be calculated based on the number of the user account selected.
A licensed Exchange Administrator or a licensed user with Public Folder permission is required; otherwise, you will not be able to access the public folder to select items for backup or restore.
The default Java heap setting, 2048M, is sufficient for Microsoft 365 backups based on the default 4 concurrent backup threads.
The Java heap size should only be increased if the number of concurrent backup threads is increased, as more backup threads are expected to consume more memory. However, this does not guarantee that the overall backup speed will be faster, since there will be an increased chance of throttling.
The value of 4 concurrent backup threads has been found to be the optimal setting for Microsoft 365 backups, ensuring the best backup performance, minimal resource usage, and the lowest probability of throttling of backup requests by Microsoft 365.
For more detailed information on how to increase the number of backup threads, please refer to Appendix E: How to Increase the Number of Concurrent Backup Threads. For information on how to change the Java heap size, please refer to here.
The following subscription plans with Microsoft 365 email services are supported to run backup and restore on CloudBacko Pro.
|Microsoft 365 Business||Microsoft 365 Business Essentials|
|Microsoft 365 Business Premium||Microsoft 365 Enterprise E1|
|Microsoft 365 Enterprise E3||Microsoft 365 Enterprise E4|
|Microsoft 365 Enterprise E5||Microsoft 365 Education|
Make sure your Microsoft 365 subscription with Microsoft is active in order to enjoy all privileges that come along with our backup services. If your account has expired, renew it with Microsoft as soon as possible so that you can continue to enjoy the Microsoft 365 backup services provided by CloudBacko.
When your account is expired, depending on your role, certain access restrictions will be applied to your account. Refer to this URL for more details: Microsoft 365 Subscription Status
When restoring data of Microsoft 365 user, the account which the data will be restored to requires valid license(s):
The basic permissions required by a Microsoft user account for authentication of a Microsoft 365 backup set is as follows:
The Microsoft 365 account used for authentication must have Global Admin Role, since Modern Authentication will be used. This is to ensure that the authorization configuration requirements will be fulfilled (e.g. connect to Microsoft Azure AD to obtain the App Access Token).
The Term Store Administrator Role may be required for backup and restore of SharePoint items.
The Discovery Management security group must be assigned the following roles:
To assign the Global Admin role to accounts, follow the steps below:
To add Term Store Administrator role to the Microsoft 365 user account used to authenticate the Microsoft 365 backup set.
This permission allows users added under the Members section of the Discovery Management group (refer to 2.11.4 for setup) to back up and/or restore user item(s) not only for their own account, but also the accounts of other users in the same Members section.
To successfully restore all share link types to alternate location of the same organization in Microsoft 365, follow the settings below:
The significant backup performance increase provided by the Change Key API comes with a tradeoff: it skips the checking of de-selected files in the backup source, which over time can result in a discrepancy between the items or files/folders selected in the backup source and those in the backup destination(s). However, the Change Key API will continue to check for de-selected Microsoft 365 user accounts or Site Collections. Un-selected individual Microsoft 365 user accounts or Site Collections detected during a backup job will be automatically moved to the retention area.
To overcome this, it is necessary in some cases to run a Data Synchronization Check (DSC) periodically. The DSC is similar to a regular Microsoft 365 Change Key API backup job but with the additional checking and handling of de-selected files and/or folders in the backup source, so that it synchronizes the data in the backup source and backup destination(s), avoiding data build-up and freeing up storage quota.
Here are the pros and cons of performing the DSC.
|DSC enabled||DSC disabled|
|Backup time||Since DSC is enabled, it will only run on the set interval. For example, the default interval is 60 days. The data synchronization job will take longer than the usual backup, as it checks the de-selected files and/or folders in the backup source and the data in the backup destination(s).||As DSC is disabled, the backup time will not be affected.|
|Storage||Management of storage quota will be more efficient, as DSC will detect items that are de-selected and move them to retention; they will be removed once they exceed the retention policy, freeing up the storage quota.||Management of storage quota will be less efficient: even though files and/or folders are already de-selected from the backup source, these files will remain in the data area of the backup destination(s).|
Data Synchronization Check (DSC) is enabled by default and will run every 60 days.
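The following Python model illustrates the behaviour described above; it is an added example and not CloudBacko's own code. A regular Change Key job only notices de-selected accounts, while the DSC job also moves de-selected folders to the retention area. The `Destination` class, the sample accounts and the one-job-per-day schedule are assumptions; only the 60-day default interval comes from this page.

```python
from dataclasses import dataclass, field

DSC_INTERVAL_DAYS = 60  # default DSC interval stated on this page


def flatten(source):
    """Turn {account: {item, ...}} into a set of (account, item) pairs."""
    return {(acct, item) for acct, items in source.items() for item in items}


@dataclass
class Destination:
    """Toy model of one backup destination (assumption, not CloudBacko's format)."""
    data_area: set = field(default_factory=set)
    retention_area: set = field(default_factory=set)
    days_since_dsc: int = 0

    def run_daily_job(self, source):
        """Run one backup job; returns True when the job ran as a DSC."""
        self.days_since_dsc += 1
        is_dsc = self.days_since_dsc >= DSC_INTERVAL_DAYS
        selected = flatten(source)
        self.data_area |= selected  # back up everything currently selected
        # Every job: de-selected accounts are detected and moved to retention.
        stale = {pair for pair in self.data_area if pair[0] not in source}
        if is_dsc:
            # DSC only: de-selected files/folders are checked as well.
            stale |= self.data_area - selected
            self.days_since_dsc = 0
        self.data_area -= stale
        self.retention_area |= stale
        return is_dsc

    def drift(self, source):
        """Items still in the data area that are no longer selected."""
        return self.data_area - flatten(source)


def simulate():
    # Constructed sample selection: two accounts with a few folders each.
    source = {"alice": {"Inbox", "Archive", "OneDrive/Old"},
              "bob": {"Inbox", "OneDrive/Projects"}}
    dest = Destination()
    history = {}
    for day in range(1, DSC_INTERVAL_DAYS + 1):
        if day == 10:
            source["alice"] -= {"Archive", "OneDrive/Old"}  # untick two folders
        if day == 20:
            del source["bob"]                               # untick a whole account
        ran_dsc = dest.run_daily_job(source)
        history[day] = (ran_dsc, sorted(dest.drift(source)))
    return dest, history
```

In this constructed run, the two folders unticked on day 10 stay in the data area until the day-60 DSC, whereas the account unticked on day 20 moves to the retention area in the same job.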
Assumption: CloudBacko Pro Installation path is C:\Program Files\CloudBacko Pro
To disable the data synchronization check, follow the instructions below:
To check if the DSC is enabled, follow the instructions below:
To adjust the interval number of days, follow the instructions below:
To comply with Microsoft’s product roadmap for Microsoft 365, in the latest CloudBacko Pro, Basic Authentication (authentication using Microsoft 365 login credentials) will no longer be utilized. Instead, all new Microsoft 365 backup sets created will use Modern Authentication.
From the second half of 2021, it will be a mandatory requirement for organizations still using Basic Authentication or Hybrid Authentication to migrate to Modern Authentication.
Modern Authentication provides more secure user authentication by using an app token for authentication in addition to the Microsoft 365 login credentials. In order to use Modern Authentication, the Microsoft 365 account must be registered under the Global region and the Microsoft 365 backup must be configured to use the Global region.
Existing backup sets using Basic Authentication can be migrated to Modern Authentication. However, once the authentication process is completed, the authentication can never be reverted back to Basic Authentication. For more information on how to migrate to Modern Authentication please refer to Appendix G: Re-Authentication of Microsoft 365 Backup Set. After the upgrade to CloudBacko Pro v188.8.131.52 or above, the backup and restore process of existing Microsoft 365 backup sets still using Basic Authentication will not be affected during this transition period since Modern Authentication is not yet enforced by Microsoft.
In order to migrate existing backup sets to Modern Authentication there are two (2) methods:
To check the current authentication being used in your Microsoft 365 backup set, see criteria below:
If you click on the backup set and the following pop up message is displayed, then the backup set is using Basic Authentication.
The following table shows the maximum supported file size per item for backup and restore of each service.
To avoid future backup errors/warnings, the user will need to deselect the red item and tick the mail item again (new mail ID) in the backup source tree. This re-selection of the backup source is not done automatically after you restore under the overwrite to original location scenario.
If you are trying to restore item(s) from multiple Microsoft 365 user accounts to an alternate Microsoft 365 user account, CloudBacko Pro can only restore one Microsoft 365 user account at a time.
If you are trying to restore the item to a destination user which has a different language setting than the original user, CloudBacko Pro will restore item(s) to their respective destination folder based on the translation listed below.
For folders such as ‘Calendar’ or ‘Notes’, a new folder ‘Calendar’ or ‘Notes’ will be created.
For folders in OneDrive and SharePoint, a new folder will be created.
Restoring of existing documents in checked out status is supported only when the user who has checked out the file is the same user who is performing the restore.
|Backup source (English)||Action||Destination User with Chinese as default language settings|
|Calendar||Create new folder||Calendar|
|Notes||Create new folder||Notes|
|OneDrive Folder||Create new folder||OneDrive Folder|
|SharePoint Folder||Create new folder||SharePoint Folder|
For more detailed information on the limitations of Exchange Online, please refer to this Microsoft article, Exchange Online Limits. These are some of the limitations that will be discussed in the Exchange Online Limits article:
For more detailed information on the limitations of OneDrive, please refer to this Microsoft article, OneDrive Limits. These are some of the limitations that will be discussed in the OneDrive Limits article:
For more detailed information on the limitations of SharePoint Online, please refer to this Microsoft article, SharePoint Online Limits. These are some of the limitations that will be discussed in the SharePoint Online article:
The following are some best practices or recommendations we strongly recommend you follow before you start any Microsoft 365 backup and restore.
Temporary directory folder is used by CloudBacko for storing backup set index files and any incremental or differential backup files generated during a backup job. To ensure optimal backup/restoration performance, it is recommended that the temporary directory folder is set to a local drive with sufficient free disk space.
Consider the following best practices for optimized performance of the backup operations:
To provide maximum data protection and flexible restore options for agent-based backup, it is recommended to configure:
The periodic backup schedule should be reviewed regularly to ensure that the interval is sufficient to handle the data volume on the machine. Over time, the data usage pattern may change on a production server, i.e. the number of new files created, the number of files which are updated/deleted, and new users may be added, etc.
Consider the following key points to efficiently handle backup sets with periodic backup schedule.
Since Modern Authentication is already available, it is recommended that backup sets are migrated to Modern Authentication. All newly created Microsoft 365 backup sets on CloudBacko Pro automatically use Modern Authentication.
In general, we recommend that each Microsoft 365 backup set does not contain more than 2000 Microsoft 365 users, to ensure a daily incremental backup job completes within 24 hours assuming that only small incremental daily changes will be made on the backup set.
However, the actual number of Microsoft 365 users in a backup set may vary depending on the total number of Outlook, OneDrive, and SharePoint items, as well as the total size of these items. The actual number of Microsoft 365 users in a backup set could be considerably less or could be more than 2000.
For details on the actual item count and size of a Microsoft 365 user, it is recommended to check in the Microsoft 365 Admin Center; please refer to Appendix F: How to view Item count and Storage used in Microsoft 365 Admin Center.
Also, splitting the users into separate backup sets speeds up the backup process: the more backup sets, the faster the backup can complete.
It is also a requirement that every split backup set has its own unique user account for authentication, to minimize the probability of throttling from Microsoft.
Example: If there are 10 split backup sets, then there should be 10 unique user accounts for authentication.
For more detailed example, refer to Appendix B: Example for backup of large numbers of Microsoft 365 users.
The value of 4 concurrent backup threads is found to be the optimal setting for Microsoft 365 backups, to ensure best backup performance, minimal resource usage, and lowest probability of throttling of backup requests by Microsoft 365.
For Microsoft 365 backup sets there are two approaches for backup source selection. Below are the sample screenshots of the selection All Microsoft 365 users and Selective Microsoft 365 user.
These are the Pros and Cons when selecting a backup source from all Microsoft 365 users and selective Microsoft 365 user.
|All Microsoft 365 users||Selective Microsoft 365 user|
|Backup Set Maintenance||The Admin does not need to manage the backup set, i.e. to select or unselect users when a Microsoft 365 user account is added or removed; the changes are automatically updated in the backup source.||The Admin will have to select or unselect users manually when a Microsoft 365 user account is added or removed, as the changes are not automatically updated in the backup source; this can be very time consuming. If a Microsoft 365 user account is removed from the domain and the admin forgets to unselect the Microsoft 365 user account from the backup source, then this will cause a warning that the user does not exist.|
|Microsoft 365 License||The backup user account must have additional Microsoft 365 license modules assigned to cover any increase in Microsoft 365 users. Otherwise, if additional users are added without sufficient modules, then this will cause a backup quota exceeded warning and the additional users will not be backed up. For more details on the computation of the required licenses, please see Appendix A: Example Scenarios for Microsoft 365 License Requirement and Usage.||This will allow the admin to easily control or manage the number of license modules used for the backup set.|
|Backup Time||All Microsoft 365 user accounts will be backed up. This means the initial full backup job will take longer, and any subsequent incremental backup will take longer.||Only selective Microsoft 365 user accounts will be backed up. This means the initial full backup job will be faster, and any subsequent incremental backup will be faster.|
|Storage||As all Microsoft 365 user accounts are backed up, more storage will be required.||As only selective Microsoft 365 user accounts will be backed up, the backup set will require relatively less storage.|
|Data Synchronization Check||As all Microsoft 365 user accounts are selected for backup, regular DSC may not be required.||As only selective files and/or folders are selected for backup, DSC is highly recommended to synchronize de-selected files and/or folders in the backup source with the backup destination(s). To know more about the DSC, please refer to Appendix D: Example Scenario for Data Synchronization Check (DSC) with sample backup reports.|