To achieve the optimal performance when CloudBacko Pro is running on your machine, refer to the following article for the list of hardware requirements.
CloudBacko Pro's Hardware Requirement List

Make sure the operating system where you have the Microsoft 365 installed is compatible with CloudBacko Pro. Refer to the following article for the list of compatible operating systems.
CloudBacko Pro's Supported Operating Systems

For agent-based backup and restore, make sure that the latest version of CloudBacko Pro is installed on your computer with Internet access for connection to your Microsoft 365 account.

User should also stay up-to-date when newer version of CloudBacko Pro is released. To get our latest product and company news through email, please Follow us on Facebook.

To optimize performance of CloudBacko Pro on Windows, you need to avoid conflict with your antivirus software. Refer to Exclusion of CloudBacko in your Antivirus software for details.

To avoid unexpected java crash, if the Windows machine is a guest VM hosted on a VMware Host then it is highly recommended that the VMware tools version installed on the guest VM must be 10.0.5 or above.

Below is the warning message that will be displayed if the version of the VMware Tools is less than 10.0.5.

CloudBacko Pro licenses are calculated on a per device basis:

Make sure that enough Microsoft 365 Backup modules have been purchased in your CloudBacko Pro license to cover the backup of your users.

The licenses for the Microsoft 365 module are calculated by the number of unique Microsoft 365 accounts.

If you are trying to backup SharePoint Sites under the Site Collections and/or files or folders under Public Folder, only one Microsoft 365 license module is required.

However, if you are trying to backup Items from Outlook, Items from OneDrive, Personal Sites under Users, the Microsoft 365 license count will be calculated based on the number of the user account selected.

A licensed Exchange Administrator or a licensed user with Public Folder permission is required otherwise you will not be able to access the public folder to select items and for backup or restore.

The default Java setting heap 2048M, is sufficient for Microsoft 365 backups based on the default 4 concurrent backup threads.

The Java heap size should only be increased if the number of current backup threads is increased as more backup threads is expected to consume more memory. But this does not guarantee that the overall backup speed will be faster since there will be an increased chance of throttling.

As the value of 4 concurrent backup threads is found to be the optimal setting for Microsoft 365 backups, to ensure best backup performance, minimal resource usage, and lowest probability of throttling of backup requests by Microsoft 365.

For more detailed information on how to increase the backup thread, please refer to Appendix E: How to Increase the Number of Concurrent Backup Threads. While for information on how to change the Java heap size, please refer to here.

The following subscription plans with Microsoft 365 email services are supported to run backup and restore on CloudBacko Pro.

Make sure your Microsoft 365 subscription with Microsoft is active in order to enjoy all privileges that come along with our backup services. If your account has expired, renew it with Microsoft as soon as possible so that you can continue enjoy the Microsoft 365 backup services provided by CloudBacko.

When your account is expired, depending on your role, certain access restrictions will be applied to your account. Refer to this URL for more details: Microsoft 365 Subscription Status

When restoring data of Microsoft 365 user, the account which the data will be restored to requires valid license(s):

The basic permissions required by a Microsoft user account for authentication of a Microsoft 365 backup set is as follows:

To assign the Global Admin role to accounts, follow the steps below:

1. Click the App launcher in the upper left side then click Admin to go to the Microsoft 365 admin center.
   
   
   
   
2. In the Microsoft 365 admin center, on the left panel click Users. Find the user you want to assign the Global Admin role and select Manage roles.
   
   
   
   
3. In the Manage roles window, select Admin center access then check the box beside Global admin. Click Save Changes to save the role you assigned.
   
   
   

To add Term Store Administrator role to the Microsoft 365 user account used to authenticate the Microsoft 365 backup set.

1. In the SharePoint admin center, under Content services, click Term store.
   
   
   
2. In the tree view pane on the left, select Taxonomy.
   
   
   
3. In the Term store page, for Admins, select Edit. The Edit term store admins panel appears.
   
   
   
4. Enter the names or email addresses of the Microsoft 365 user who you want to add as term store admins. Select Save.
   
   

This permission allows users added under the Members section of the Discovery Management group (refer to 2.11.4 for setup) to back up and/or restore user item(s) not only for their own account, but also the accounts of other users in the same Members section.

1. Open https://outlook.office365.com/ecp
   
   
2. Log in to Microsoft 365 as an account administrator.
   
   
   
   
   
3. Select the permissions menu on the left, then double click on Discovery Management on the right.
   
   
   
4. Click the + icon under the Roles section. These are the following roles:
   • ApplicationImpersonation
   • Legal Hold
   • Mailbox Import Export
   • Mailbox Search
   • Public Folders
     
     
     
5. Click Save to confirm and exit the setting.
   
   

1. Open https://outlook.office365.com/ecp
   
   
2. Log in to Microsoft 365 as an account administrator.
   
   
   
   
   
3. Select the permissions menu on the left, then double click on Discovery Management on the right.
   
   
   
4. You can now add users to this group. Click the + icon under the Members section.
   
   
   
5. Look for the username(s) of the account that you would like to add permission for, then click add > OK to add the corresponding user(s) to the permission group.
   
   
   
6. Click Save to confirm and exit the setting.
   
   

To successfully restore all share link types to alternate location of the same organization in Microsoft 365, follow the settings below:

To compensate for the significant backup performance increase, there is a tradeoff made by the Change Key API, which skips the checking of de-selected files in the backup source, which over time can result in a discrepancy between the items or files/folders selected in the backup sources and the those in the backup destination(s). However, the Change Key API will continue to check for de-selected Microsoft 365 user accounts or Site Collections. Un-selected individual Microsoft 365 user accounts or Site Collections detected during a backup job and will be automatically moved to retention area.

To overcome this, it is necessary in some cases to run a Data Synchronization Check (DSC) periodically. The DSC is similar to a regular Microsoft 365 Change Key API backup job but with the additional checking and handling of de-selected files and/or folders in the backup source. So that it will synchronize the data in the backup source and backup destination(s) to avoid data build-up and the freeing up of storage quota.

Here are the pros and cons of performing the DSC.

To comply with Microsoft’s product roadmap for Microsoft 365, in the latest CloudBacko Pro, Basic Authentication (Authentication using Microsoft 365 login credentials) will no longer be utilized. Instead all new Microsoft 365 backup sets created will use Modern Authentication.

Since the second half of 2021, it will be a mandatory requirement for organizations still using Basic Authentication or Hybrid Authentication to migrate to Modern Authentication.

Modern Authentication provides a more secure user authentication by using app token for authentication aside from using the Microsoft 365 login credentials. In order to use Modern Authentication, the Microsoft 365 account is registered under Global region and the Microsoft 365 backup is configured to use Global region.

Existing backup sets using Basic Authentication can be migrated to Modern Authentication. However, once the authentication process is completed, the authentication can never be reverted back to Basic Authentication. For more information on how to migrate to Modern Authentication please refer to Appendix G: Re-Authentication of Microsoft 365 Backup Set. After the upgrade to CloudBacko Pro v5.3.2.0 or above, the backup and restore process of existing Microsoft 365 backup sets still using Basic Authentication will not be affected during this transition period since Modern Authentication is not yet enforced by Microsoft.

In order to migrate existing backup sets to Modern Authentication there are two (2) methods:

• The first method is the Microsoft 365 account used for the backup set is assigned the Global Admin role.
• The second method is the Microsoft 365 account used for the backup set is an ordinary account. When changing the settings of the backup set, the user can ask a Microsoft 365 Global Admin to grant permission to authorize the migration of authentication. This is only required in migrating from Basic Authentication to Modern Authentication. This only needs to be done once per backup set.

To check the current authentication being used in your Microsoft 365 backup set, see criteria below:

If you click on the backup set and the following pop up message is displayed, then the backup set is using Basic Authentication.

For backup set using Modern or Hybrid Authentication, there is no pop up authentication alert.

Below are the supported services of Microsoft 365 Backup module. It is also specified in the table some services that are currently not yet supported by the Microsoft 365 Backup module.

Below are the supported Outlook Mailbox types of Microsoft 365 Backup.

Below are the items that you can back up or restore from a Microsoft mailbox.

Below are the items that you can back up or restore from OneDrive.

Below are the items that you can backup or restore from Teams Chat / Channel.

Below are the Site Collections/Personal Site items that you can back up or restore from a Microsoft 365 backup set.

Below are the SharePoint Site Collections template that you can back up or restore from a Microsoft 365 backup set.

Below is the Site Column Type that you can back up or restore from a Microsoft 365 backup set.

Below are the items from the Public Folder that you can backup and restore from a Microsoft 365 backup set.

The following table shows the maximum supported file size per item for backup and restore of each service.

• Modern Authentication is only supported for Microsoft 365 account that is registered in Global region and the Microsoft 365 backup is configured to use Global region.
• Migration to Modern Authentication is not supported on a Microsoft 365 account without a Global Admin role; or during the migration process, the Microsoft 365 account used to authenticate the migration does not have Global Admin role.
• Backup and restore of the site features setting for SharePoint Site Collection and/or Personal Site using Modern Authentication is not supported.
• Due to limitations in Microsoft API, when using Modern Authentication, backup and restore of SharePoint Web Parts and Metadata are not fully supported.
• Backup sets using Modern Authentication do not support backup of external content types (through the linkage from selected lists).
• Backup sets using Modern Authentication do not support backup and restore of the following:
  • Some list settings, currently known as Survey Options on survey list.
  • Feature setting for SharePoint Site and Personal Site.

• Document Libraries, List Items and their default Column Types will be supported, excluding customized Apps and SharePoint App Store applications.
• Most of site lists will be supported, except for certain list types that will be skipped to restore due to API limitation, for example is Microfeed in Classic Team Site.
• Site logos will NOT be restored, it is suggested revisiting the site setting page and manually add the missing images if necessary.
• User-defined workflow templates will NOT be supported for backup and restore.
• Recycle Bin will NOT be supported for backup and restore.
• Most of Site level settings will NOT be restored, except for those essential to support the successful restore of the backup items e.g. Manage Site Feature / Site Collection Feature.
• Most of List level settings (including List view) will NOT be restored, except for those essential to support the successful restore of backup items, e.g. item checkout settings. Following restore, it is suggested revisiting the relevant settings if necessary. This may affect list column ordering and visibility after restoring.
• Restoring External Data column is NOT supported if external content type has been deleted via SharePoint Designer.
• Restoring of multiple Value of managed metadata column when the key name (column name) contains space is NOT supported.
• Restoring of list with local managed metadata column to alternate location is NOT supported.
• The restore of SharePoint documents or folders with the following characters: / \ | * : “ < > in item name to a Windows local computer is not supported. As Windows does not support these characters for either a file or folder name.
• Restoring Newsfeed items in Modern Team Site will not publish the items to Homepage automatically, user will need to navigate to Site Content > Page Library> click on each individual news item and “Post” the news one by one manually.
  • Backup User (except for Global Admin) may not have permission to back up the site collection even if he/she can view it in the backup source tree. FOR EACH site collection, the user can backup it only if he/she is assigned as a site admin of that site collection.
    • If the user is assigned as site admin of the root level site collection only, he/she is not automatically added as site admin of other site collection under that root level site collection (i.e. If user is to backup specific site collection under the root, he/she has to be added as site admin of that specific site collection under the root also).
    • For site collection that can be viewed by user in the source tree which he/she is not yet assigned as a site administrator:
      • when user expand the node of that site collection, access denied error pop up will be given.
      • when user tick such site collection to backup, access denied error will be given in the backup log.

• Backup and restore of file share links will be supported for OneDrive and SharePoint Documents only, and only for restore to the same Office 365 organization.
• Backup and restore of all versions will be supported for OneDrive and SharePoint Documents only, except for ”.aspx“ files.

• Online Archive Mailbox will NOT be supported for backup and restore.
• For Outlook mail item, after using restore to original location to overwrite a mail item (the restored mail item is assigned a new mail ID), then
  • In the backup source tree of the same backup set:
    • the original ticked item still use the old mail ID to reference and becomes red item.
    • there is another item (with the new mail ID) created for that mail item.

• Backup of external chat/message, attachment to system message backup (e.g. meeting recording) and backup tabs, pins for chat/channel are not supported.
• Restore of chat/channel to original thread is not supported. Restore only as data export in HTML format, stored to local or OneDrive.
• If the backup scope selected is “This user only”, backup and restore of attachment is not supported since chat attachment sent by another user is located in the OneDrive of the other user.

• Only administrator account or user account with administrative authority can restore backup items to an alternate location.
• If you are trying to restore item(s) from one user to an alternate location user, CloudBacko Pro will restore the item(s) to their respective destination folder(s) with the same name as the original folder(s).
  Example: Item from Outlook of User-A will be restored to the Outlook of the alternate location User-B; Item from SharePoint of User-A will be restored to the SharePoint of the alternate location User-B.
• Restore of item(s) in public folder to an alternate location public folder is not supported.
  Example: Restore of item(s) in public folder from User-A to alternate location User-B is not supported.
• When restoring to alternate location, data type “Person or Group” will not be restored. Following restore, it is suggested revisiting the relevant settings if necessary. This also affects “Assigned To” column values of some list templates (e.g. Tasks list), and “Target Audience” column values of some list templates (e.g. Content and Structure Reports).
• If you are trying to restore item(s) from several users to an alternate location user, CloudBacko Pro will restore the item(s) to their respective destination folder(s) in alternate location user with the same name as the original folder(s).
  
  
  
  Example: Item from Outlook of User-A and User-B will be restored to the Outlook of the alternate location User-C.

If you are trying to restore item(s) from multiple Microsoft 365 user account to an alternate Microsoft 365 user account, CloudBacko Pro can only restore one Microsoft 365 user account at a time.

• Restoring of document library (including OneDrive) items 'Share Link to alternate organization will trigger a warning message.
• Skip to restore People and groups and Site permissions to alternate organization.

If you are trying to restore the item to a destination user which has a different language setting than the original user, CloudBacko Pro will restore item(s) to their respective destination folder based on the translation listed below.

For folders such as ‘Calendar’ or ‘Notes’, a new folder ‘Calendar’ or ‘Notes’ will be created.

For folders in OneDrive and SharePoint, a new folder will be created.

Restoring of existing documents in checked out status is supported only when the user who has checked out the file is the same user who is performing the restore.

For more detailed information on the limitations of Exchange Online, please refer to this Microsoft article, Exchange Online Limits. These are some of the limitations that will be discussed in the Exchange Online Limits article:

• Address book
• Mailbox storage
• Capacity alerts
• Mailbox folder
• Message
• Receiving and sending
• Retention
• Distribution group
• Journal, Transport, and Inbox rule
• Moderation
• Exchange ActiveSync

For more detailed information on the limitations of OneDrive, please refer to this Microsoft article, OneDrive Limits. These are some of the limitations that will be discussed in the OneDrive Limits article:

• File name and path lengths
• Thumbnails and previews
• Number of items to be synced
• Information rights management
• Differential sync
• Libraries with specific columns
• Windows specific limitations

For more detailed information on the limitations of SharePoint Online, please refer to this Microsoft article, SharePoint Online Limits. These are some of the limitations that will be discussed in the SharePoint Online article:

• Limits by plan
  
• Service limits for all plans, such as: items in lists and libraries, file size and file path length, moving and copying across site collections, sync, versions, SharePoint groups, managed metadata, subsites, etc.

The following are some best practices or recommendations we strongly recommend you follow before you start any Microsoft 365 backup and restore.

Temporary directory folder is used by CloudBacko for storing backup set index files and any incremental or differential backup files generated during a backup job. To ensure optimal backup/restoration performance, it is recommended that the temporary directory folder is set to a local drive with sufficient free disk space.

Consider the following best practices for optimized performance of the backup operations:

• Enable schedule backup jobs when system activity is low to achieve the best possible performance.
• Perform test restores periodically to ensure your backup is set up and performed properly. Performing recovery test can also help identify potential issues or gaps in your recovery plan. It is important that you do not try to make the test easier, as the objective of a successful test is not to demonstrate that everything is flawless. There might be flaws identified in the plan throughout the test and it is important to identify those flaws.

To provide maximum data protection and flexible restore options for agent-based backup, it is recommended to configure:

• At least one offsite or cloud destination
• At least one local destination for fast recovery

The periodic backup schedule should be reviewed regularly to ensure that the interval is sufficient to handle the data volume on the machine. Over time, data usage pattern may change on a production server, i.e. the number of new files created, the number of files which are updated/deleted, and new users may be added etc. schedule.

Consider the following key points to efficiently handle backup sets with periodic backup schedule.

• Hardware – to achieve optimal performance, compatible hardware requirements is a must. Ensure you have the backup machine’s appropriate hardware specifications to accommodate frequency of backups,

• Network – make sure to have enough network bandwidth to accommodate the volume of data within the backup interval.
• Retention Policy - also make sure to consider the retention policy settings and retention area storage management which can grow because of the changes in the backup data for each backup job.

Since Modern Authentication is already available, it is recommended that backup sets are migrated to Modern Authentication. All newly created Microsoft 365 backup sets on CloudBacko Pro automatically use Modern Authentication.

In general, we recommend that each Microsoft 365 backup set does not contain more than 2000 Microsoft 365 users, to ensure a daily incremental backup job completes within 24 hours assuming that only small incremental daily changes will be made on the backup set.

However, the actual number of Microsoft 365 users in a backup set may vary depending on the total number of Outlook, OneDrive, and SharePoint items, as well as the total size of these items. The actual number of Microsoft 365 users in a backup set could be considerably less or could be more than 2000.

For details on the actual item count and size of Microsoft 365 user, it is recommended to check in the Microsoft 365 Admin Centre, please refer to Appendix F: How to view Item count and Storage used in Microsoft 365 Admin Center.

Also, by splitting up all the users into separate backup sets, the more backup sets, the faster the backup process can achieve.

It is also a requirement that for every split backup sets should have its own unique user account for authentication to minimize the probability of throttling from Microsoft.

Example: If there are 10 split backup sets, then there should be 10 unique user accounts for authentication.

For more detailed example, refer to Appendix B: Example for backup of large numbers of Microsoft 365 users.

The value of 4 concurrent backup threads is found to be the optimal setting for Microsoft 365 backups, to ensure best backup performance, minimal resource usage, and lowest probability of throttling of backup requests by Microsoft 365.

For Microsoft 365 backup sets there are two approaches for backup source selection. Below are the sample screenshots of the selection All Microsoft 365 users and Selective Microsoft 365 user.

All Microsoft 365 users

Selective Microsoft 365 user

These are the Pros and Cons when selecting a backup source from all Microsoft 365 users and selective Microsoft 365 user.