Protecting Office 365 data
Protecting Office 365 data
Why back up Office 365 data?
Even though Microsoft Office 365 is a set of cloud services, regular backups provide an additional layer of protection from user errors and intentional malicious actions. You can recover deleted items from a backup even after the Office 365 retention period has expired. Also, you can keep a local copy of the Exchange Online mailboxes if it is required for regulatory compliance.
Agent for Office 365
Depending on the desired functionality, you can choose to install Agent for Office 365 locally, use the agent installed in the cloud, or both. The following table summarises the functionality of the local and the cloud agent.
| Local Agent for Office 365 | Cloud Agent for Office 365 |
|---|---|---|
Data items that can be backed up | Exchange Online: user and shared mailboxes |
|
Backup of archive mailboxes (In-Place Archive)
| No | Yes |
Backup schedule | Cannot be changed. Each protection plan runs daily at the same time of day.* | |
Backup locations | Cloud storage, local folder, network folder | Cloud storage only |
Automatic protection of new Office 365 users, groups, sites | No | Yes, by applying a protection plan to the All users, All groups, All sites groups |
Protecting more than one Office 365 organization | No | Yes |
Granular recovery | Yes | Yes |
Recovery to another user within one organization | Yes | Yes |
Recovery to another organization | No | Yes |
Recovery to an on-premises Microsoft Exchange Server | No | No |
Maximum number of items that can be backed up without performance degradation | When backing up to the cloud storage: 5000 mailboxes per company When backing up to other destinations: 2000 mailboxes per protection plan (no limitation for number of mailboxes per company) | 10 000 protected items (mailboxes, OneDrives, or sites) per company** |
Maximum number of manual backup runs | No | |
Maximum number of simultaneous recovery operations | No | 10 operations, including GSuite recovery operations |
* Because a cloud agent serves multiple customers, it determines the start time for each protection plan on its own, to ensure even load during a day and the equal quality of service for all of the customers.
** It is recommended that you back up your protected items gradually and in this order:
- Mailboxes.
- After all mailboxes are backed up, proceed with OneDrives.
- After OneDrive backup is completed, proceed with the SharePoint Online sites.
The first full backup may take several days, depending on the number of protected items and their size.
Limitations
- A mailbox backup includes only folders visible to users. The Recoverable items folder and its subfolders (Deletions, Versions, Purges, Audits, DiscoveryHold, Calendar Logging) are not included in a mailbox backup.
- Automatic creation of users, public folders, groups, or sites during a recovery is not possible. For example, if you want to recover a deleted SharePoint Online site, first create a new site manually, and then specify it as the target site during a recovery.
Required user rights
In the Cyber Protection service
Any Agent for Office 365, either local or cloud, must be registered under a company administrator account and used on a customer tenant level. Company administrators acting on a unit level, unit administrators, and users cannot back up or recover Office 365 data.
In Microsoft Office 365
Your account must be assigned the global administrator role in Microsoft Office 365.
To back up and recover Office 365 public folders, at least one of your Office 365 administrator accounts must have a mailbox and read/write rights to the public folders that you want to back up.
- The local agent will log in to Office 365 by using this account. To enable the agent to access the contents of all mailboxes, this account will be assigned the ApplicationImpersonation management role. If you change this account password, update the password in the service console, as described in "Changing the Office 365 access credentials".
- The cloud agent does not log in to Office 365. The agent is given the necessary permissions directly by Microsoft Office 365. You only need to confirm granting these permissions once, being signed in as a global administrator. The agent does not store your account credentials and does not use them to perform backup and recovery. Changing this account password or disabling this account or deleting this account in Office 365 does not affect agent operation.
Related Articles
Protecting Gmail data
What items can be backed up? You can back up Gmail users' mailboxes. A mailbox backup also includes the Calendar and Contacts data. Optionally, you can choose to back up the shared calendars. The following items are skipped during a backup: The ...Recovering SharePoint Online data
Recovering SharePoint Online data Click Microsoft Office 365. If multiple Office 365 organizations were added to the Cyber Protection service, select the organization whose backed-up data you want to recover. Otherwise, skip this step. Do one of the ...Selecting SharePoint Online data
Selecting SharePoint Online data Select the data as described below, and then specify other settings of the protection plan as appropriate. To select SharePoint Online data Click Microsoft Office 365. If multiple Office 365 organizations were added ...Protecting mobile devices
Protecting mobile devices The backup app allows you to back up your mobile data to the Cloud storage and then recover it in case of loss or corruption. Note that backup to the cloud storage requires an account and the Cloud subscription. Supported ...Adding a Microsoft Office 365 organization
Adding a Microsoft Office 365 organization To add a Microsoft Office 365 organization Sign in to the service console as a company administrator. Click the account icon in the top-right corner, and then click Downloads > Agent for Office 365. Download ...