Create Backup Set

Microsoft 365 Backup allows you to backup your Outlook, OneDrive, Personal Site, Teams, Sharepoint Sites and Public Folders from your Microsoft 365 account.

Requirements

You are strongly recommended to configure or check all the settings below to confirm all the requirements are met before you proceed with the Microsoft 365 backup and restoration:

  1. Make sure that the latest version of CloudBacko Pro is installed on your computer with Internet access for connection to your Microsoft 365 account.
  2. Upgrade VMware Tools - To avoid unexpected java crash, if the Windows machine is a guest VM hosted on a VMware Host then it is highly recommended that the VMware tools version installed on the guest VM must be 10.0.5 or above.
  3. Backup Quota Requirement - Make sure that your CloudBacko Pro user account has sufficient quota assigned to accommodate the storage of the Microsoft 365 users for the new backup set and retention policy.
  4. The default Java heap setting 2048M, is sufficient for Microsoft 365 backups based on the default 4 concurrent backup threads.

    The Java heap size should only be increased if the number of current backup threads is increased as more backup threads is expected to consume more memory. But this does not guarantee that the overall backup speed will be faster since there will be an increased chance of throttling.

    As the value of 4 concurrent backup threads is found to be the optimal setting for Microsoft 365 backups, to ensure best backup performance, minimal resource usage, and lowest probability of throttling of backup requests by Microsoft 365.

  5. The following subscription plans with Microsoft 365 email services are supported to run backup and restore on CloudBacko Pro.
    Microsoft 365 Business Microsoft 365 Business Essentials
    Microsoft 365 Business Premium Microsoft 365 Entrprise E1
    Microsoft 365 Entrprise E3 Microsoft 365 Entrprise E4
    Microsoft 365 Entrprise E5 Microsoft 365 Education
  6. Make sure your Microsoft 365 subscription with Microsoft is active in order to enjoy all privileges that come along with our backup services. If your account has expired, renew it with Microsoft as soon as possible so that you can continue to enjoy the Microsoft 365 backup services. When your account is expired, depending on your role, certain access restrictions will be applied to your account.

    Refer to the URL below for more details: https://support.office.com/en-us/article/What-happens-to-my-data-and-access-when-my-Office-365-for-business-subscription-ends-4436582f-211a-45ec-b72e-33647f97d8a3#BKMK_TrialEnds

  7. Microsoft 365 Permission Requirements for CloudBacko Pro - The basic permissions required by a Microsoft user account for authentication of a CloudBacko Pro Microsoft 365 backup set is as follows:
    Otherwise, proceed to grant all necessary permissions to the Microsoft user account as shown in the following instructions.

    Assigning Global Admin Role to Accounts
    To assign the Global Admin role to accounts, follow the steps below:
    1. Click the App launcher in the upper left side then click Admin to go to the Microsoft 365 admin center.
    2. In the Microsoft 365 admin center, on the left panel click Users. Find the user you want to assign the Global Admin and select Manage roles.
    3. In the Manage roles window, select Admin center access then check the box beside Global admin. Click Save Changes to save the role you assigned.

    Granting Term Store Administrator Role
    To add Term Store Administrator role to the Microsoft 365 user account used to authenticate the Microsoft 365 backup set.
    1. In the SharePoint admin center, under Content services, click Term store.
    2. In the tree view pane on the left, select the Taxonomy.
    3. In the Term store page, for Admins, select Edit. The Edit term store admins panel appears.
    4. Enter the names or email addresses of the Microsoft 365 user who you want to add as term store admins. Select Save.

    Granting Permission to Discovery Management Group
    This permission allows users added under the Members section of the Discovery Management group (refer to Granting Permission to Accounts for Creating Backup Set) to back up and/or restore user item(s) not only for their own account, but also the accounts of other users in the same Members section.
    1. Open https://outlook.office365.com/ecp.
    2. Log in to the Microsoft 365 as an account administrator.
    3. Select the permissions menu on the left, then double click on Discovery Management on the right.
    4. Click the [+] icon under the Roles section. These are the following roles:
      • ApplicationImpersonation
      • Legal Hold
      • Mailbox Import Export
      • Mailbox Search
      • Public Folders
    5. Click Save to confirm and exit the setting.

    Granting Permission to Accounts for Creating Backup Set
    1. Open https://outlook.office365.com/ecp.
    2. Log in to the Microsoft 365 as an account administrator.
    3. Select the permissions menu on the left, then double click on Discovery Management on the right.
    4. You can now add users to this group. Click the [+] icon under the Members section.
    5. Look for the username(s) of the account that you would like to add permission for, then click add > OK to add the corresponding user(s) to the permission group.
    6. Click Save to confirm and exit the setting.

    Granting Permission to restore all share link types to alternate location in Microsoft 365
    To successfully restore all share link types to alternate location of the same organization in Microsoft 365, follow the settings below:
  8. Data Synchronization Check (DSC) Setup - To compensate for the significant backup performance increase, there is a tradeoff made by the Change Key API, which skips the checking of de-selected files in the backup source, which over time can result in a discrepancy between the items or files/folders selected in the backup sources and those in the backup destination(s).

    To overcome this, it is necessary in some cases to run a Data Synchronization Check (DSC) periodically, so that it will synchronize the data in the backup source and backup destination(s) to avoid data build-up and free up storage quota.

    Enabled Disabled
    Backup Time Since data synchronization check is enabled, it will only run on the set interval. For example, the default number of interval is 60 days The backup time for the data synchronization job will take longer than the usual backup as it is checking the de-selected files and/or folders in the backup source and data in the backup destination(s) As data synchronization check is disabled, the backup time will not be affected.
    Storage Management of storage quota will be more efficient as it will detect items that are de-selected and move it to retention and will be removed after it exceeds the retention policy freeing up the storage quota. Management of storage quota will be less efficient even though files and/or folders are already de-selected from the backup source, these files will remain in the data area of backup destination(s).
  9. Authentication - To comply with Microsoft’s product roadmap for Microsoft 365, from CloudBacko Pro v4.1.4.0 or above, Basic Authentication (Authentication using Microsoft 365 login credentials) will no longer be utilized. Instead all new Microsoft 365 backup sets created will use Modern Authentication.

    Since the second half of 2021, it will be a mandatory requirement for organizations still using Basic Authentication or Hybrid Authentication to migrate to Modern Authentication.

    Modern Authentication provides a more secure user authentication by using app token for authentication aside from using the Microsoft 365 login credentials. In order to use Modern Authentication, the Microsoft 365 account is registered under Global region and the Microsoft 365 backup is configured to use Global region. As both Germany and China region do not support Modern Authentication.

    Existing backup sets using Basic Authentication can be migrated to Modern Authentication. However, once the authentication process is completed, the authentication can never be reverted back to Basic Authentication. For more information on how to migrate to Modern Authentication please refer to this link Migrating Authentication of Microsoft 365 Backup Set. After the upgrade to CloudBacko Pro v5 or above, the backup and restore process of existing Microsoft 365 backup sets still using Basic Authentication will not be affected during this transition period since Modern Authentication is not yet enforced by Microsoft.


    To check the current authentication being used in your Microsoft 365 backup set, see criteria below:

Supported Services

These are the supported services of Microsoft 365 Backup module

Services Supported Services Supported
Outlook Yammer
OneDrive Microsoft Stream
SharePoint Power BI
Microsoft Teams Microsoft Power Apps

These are the supported Outlook Mailbox types of Microsoft 365

Item Supported Item Supported
Archive Mailbox Distribution Group
Dynamic Distribution Group Equipment Mailbox
Microsoft 365 Group Public Folder
Public Folder Mailbox Room Mailbox
Security Group Shared Mailbox
User Mailbox

These are the supported items that you can back up and restore from an Outlook Mailbox

Item Supported Item Supported
Archive Calendar
Clutter Companies
Contacts Conversion History
Deleted Items Drafts
External Contacts GAL Contacts
Inbox Journal
Junk Emails Notes
Organizational Contacts Outbox
PeopleCentricConversation Buddies PersonMetaData
Recipient Cache RS Feed
Search Folders Sent Items
Social Activity Notifications Sync Issues
Tasks Trash

These are the supported items that you can back up and restore from OneDrive

Item Supported Item Supported
Folders Files
Access Permissions Albums
Recycle Bin Tag

These are the supported SharePoint items that you can back up and restore from a Microsoft 365 backup set

Item Supported Item Supported
Announcements Assets Libraries
Bright Banner Calendar
Contacts Custom Lists
Data Connection Libraries Discussion Boards
External Lists Form Libraries
General Settings Import Spreadsheets
Issue Tracking Links
Look and Feel Manage Site Features
Newsfeed Permissions and Management
Picture and Libraries Report Libraries
Site Collection Features Site Page
Survey Version History
Wiki / Page Libraries

These are the supported SharePoint Site Collections template that you can back up and restore from a Microsoft 365 backup set

Item Supported Item Supported
Team Site Team Site (Classic Experience)
Blog Project Site
Developer Site Community Site
Document Center eDiscovery Center
Records Center Business Intelligence Center
Compliance Policy Center Enterprise Search Center
Community Portal Basic Search Center
Visio Process Repository My Site Host
Publishing Portal Enterprise WIKI
Modern Team Sites Modern Communication Site

These are the supported Site Column Type that you can back up and restore from a Microsoft 365 backup set

Item Supported Item Supported
CalendarFolderType CalendarItemType
ContactItemType ContactsFolderType
DistributionListType FolderType
MeetingCancellationMessageType MeetingMessageType
MeetingRequestMessageType MeetingResponseMessageType
MessageType PostItemType
SearchFolderType TasksFolderType
TaskType UserConfigurationType

These are the supported Items that you can back up and restore from the Public Folder of a Microsoft 365 backup set.

Item Supported Item Supported
Folders Files

Supported Backup Source

Below is the supported backup source for Microsoft 365 Backup and Restore.

  1. Mailbox Level: Outlook, OneDrive, Personal Site, Public Folders and Site Collections.
  2. Folder Level: Inbox, Drafts, Sent Items, Deleted Items, Archive, Calendar, Clutter, Contacts, Junk Email, Notes, RSS Feeds, Tasks and Trash.

Maximum Supported File Size

The following table shows the maximum supported file size per item for backup and restore of each service.

Service Maximum File Size
Outlook
-with or without attachments
-(applies to User mailbox, Room mailbox, Shared mailbox, Equipment mailbox)

150 MB

Public Folders
-with or without attachments

150 MB

OneDrive

8 GB

Personal Site

8 GB

Site Collections

8 GB

Limitations

  1. For restoration of Microsoft 365 backup set to alternate location, there are some limitations:
  2. Restore of mailbox items or public folder items is only supported if the according mailbox or public folder exists.
  3. If you are trying to restore the mailbox item to a destination mailbox which has a different language setting than the original mailbox, CloudBacko Pro will restore mailbox item(s) to their respective destination folder based on the translation listed below. For folders such as ‘Calendar’ or ‘Notes’, a new folder ‘Calendar’ or ‘Notes’ will be created.
    Backup source (English) Action Destination mailbox with Chinese as default language settings
    Inbox Merge 收件箱
    Outbox Merge 寄件匣
    Sent Items Merge 寄件備份
    Deleted Items Merge 刪除的郵件
    Drafts Merge 草稿
    Junk E-Mail Merge 垃圾電郵
    Calendar Create new folder Calendar
    Notes Create new folder Notes
  4. Modern Authentication is only supported for Microsoft 365 account that is registered in Global region and the Microsoft 365 backup is configured to use Global region.
  5. Backup sets using Modern Authentication cannot backup .aspx version file.
  6. Due to limitations in Microsoft API, when using Modern Authentication, backup and restore of SharePoint Web Parts and Metadata are not fully supported.
  7. Backup sets using Modern Authentication does not support restore of some list settings, currently known as Survey Options on survey list.

Best Practices and Recommendation

The following are some best practices and recommendation we strongly recommend you follow before you start any Microsoft 365 backup and restore.

  1. Temporary directory folder is used by CloudBacko Pro for storing backup set index files and any backup files generated during a backup job. To ensure optimal backup/restoration performance, it is recommended that the temporary directory folder is set to a local drive with sufficient free disk space.
  2. Performance Recommendation - Consider the following best practices for optimized performance of the backup operations:
  3. Backup Destination - To provide maximum data protection and flexible restore options, it is recommended to configure:
  4. Periodic Backup Schedule - The periodic backup schedule should be reviewed regularly to ensure that the interval is sufficient to handle the data volume on the machine. Over time, data usage pattern may change on a production server, e.g. the number of new files created, the number of files which are updated/deleted, and new users may be added etc.
  5. Authentication - Although Microsoft has moved the enforcement date for Modern Authentication from end of 2020 to the second half of 2021, since this new authentication is already available starting with CloudBacko Pro v4.1.4.0 or above, it is recommended that backup sets are migrated to Modern Authentication. All newly created Microsoft 365 backup sets on CloudBacko Pro v4.1.4.0 or above automatically use Modern Authentication.

    However, due to the current limitation with Microsoft API, Modern Authentication is currently not suitable for backup sets with Personal Sites and/or SharePoint Sites selected.
  6. Large number of Microsoft 365 users to Backup - It is recommended to divide the users into multiple backup sets. A single Microsoft 365 backup set should not contain more than 2,000 Microsoft 365 users. That is assuming that only small incremental daily changes will be made on the Run on Client backup set. By splitting up all the users into separate backup sets, the more backup sets, the faster the backup process can achieve.
  7. Concurrent Backup Thread - The value of 4 concurrent backup threads is found to be the optimal setting for Microsoft 365 backups, to ensure best backup performance, minimal resource usage, and lowest probability of throttling of backup requests by Microsoft 365.
  8. Backup Source - For Microsoft 365 backup sets there are two approaches for backup source selection.
    1. All Microsoft 365 Users - If you select “All users”, all of the sub Microsoft 365 user accounts will automatically be backed up.
    2. Selective Microsoft 365 User - If you select "Select Specific", you must choose the Microsoft 365 user accounts that will be backed up.

Creating a Microsoft 365 Backup Set

Key:

Field Description
Name The name of the backup set.
Backup set type The backup set type, e.g. Microsoft 365 Backup
Backup Scope The extent of the backup, either Entire Organization or This Microsoft 365 User Only.
Access the Internet through Proxy Checkbox will be ticked if proxy will be used to access the internet, cannot be edited.

To create a backup set with Modern Authentication :

  1. Enter a backup set name.
  2. Select the backup set type.
  3. Select the backup scope, e.g. Entire Organization.
  4. Selece the region, e.g. Global.
  5. Optional: Check the "Access the Internet through proxy" checkbox.
  6. Click the [Test] button.
  7. Click the [Authorize] button to start the authentication process.
  8. Sign in to your Microsoft account.
    If MFA is enforced for the Microsoft 365 user account used to authenticate the backup set, select to verify either by "Text" or "Call".
    Note: Verification is only required if the MFA status of a Microsoft 365 account is enforced.
  9. Copy the authorization code.
  10. Go back to CloudBacko Pro and paste the authorization code then click the [OK] button to proceed.
  11. The confirmation message Test completed successfully will be shown when CloudBacko Pro is connected to the Microsoft 365 account successfully.
  12. Click [Next] to proceed.