Create Backup Set

Microsoft 365 Backup allows you to backup your Outlook, OneDrive, Personal Site and Public Folders from your Microsoft 365 account.

Requirements

You are strongly recommended to configure or check all the settings below to confirm all the requirements are met before you proceed with the Microsoft 365 backup and restoration:

  1. Make sure that the latest version of CloudBacko Lite is installed on your computer with Internet access for connection to your Microsoft 365 account.
  2. Upgrade VMware Tools - To avoid unexpected java crash, if the Windows machine is a guest VM hosted on a VMware Host then it is highly recommended that the VMware tools version installed on the guest VM must be 10.0.5 or above.
  3. Make sure that the Microsoft 365 Backup feature has been enabled as an add-on module in your CloudBacko Lite user account and there is enough Microsoft 365 Backup license quota to cover the backup of your users.

    The licenses for the Microsoft 365 module are calculated by the number of unique licensed or unlicensed Microsoft 365 user accounts. If same Microsoft 365 account is backed up on multiple backup sets with a CloudBacko Lite user account would be counted as one Microsoft 365 license.

  4. As CloudBacko Lite licenses are calculated on a per device basis:
  5. Backup Quota Requirement - Make sure that your CloudBacko Lite user account has sufficient quota assigned to accommodate the storage of the Microsoft 365 users for the new backup set and retention policy.
  6. A licensed Exchange Administrator or a licensed user with Public Folder permission is required otherwise you will not be able to access the public folder to select items for backup or restore.
  7. The default Java heap setting 2048M, is sufficient for Microsoft 365 backups based on the default 4 concurrent backup threads.

    The Java heap size should only be increased if the number of current backup threads is increased as more backup threads is expected to consume more memory. But this does not guarantee that the overall backup speed will be faster since there will be an increased chance of throttling.

    As the value of 4 concurrent backup threads is found to be the optimal setting for Microsoft 365 backups, to ensure best backup performance, minimal resource usage, and lowest probability of throttling of backup requests by Microsoft 365.

  8. The following subscription plans with Microsoft 365 email services are supported to run backup and restore on CloudBacko Lite.
    Microsoft 365 Business Microsoft 365 Business Essentials
    Microsoft 365 Business Premium Microsoft 365 Entrprise E1
    Microsoft 365 Entrprise E3 Microsoft 365 Entrprise E4
    Microsoft 365 Entrprise E5 Microsoft 365 Education
  9. Make sure your Microsoft 365 subscription with Microsoft is active in order to enjoy all privileges that come along with our backup services. If your account has expired, renew it with Microsoft as soon as possible so that you can continue to enjoy the Microsoft 365 backup services. When your account is expired, depending on your role, certain access restrictions will be applied to your account.

    Refer to the URL for more details: https://support.office.com/en-us/article/What-happens-to-my-data-and-access-when-my-Office-365-for-business-subscription-ends-4436582f-211a-45ec-b72e-33647f97d8a3#BKMK_TrialEnds

  10. Microsoft 365 Permission Requirements - The basic permissions required by a Microsoft user account for authentication of a Microsoft 365 backup set is as follows:
    Otherwise, proceed to grant all necessary permissions to the Microsoft user account as shown in the following instructions.

    Assigning Global Admin Role to Accounts
    To assign the Global Admin role to accounts, follow the steps below:
    Granting Permission to Discovery Management Group
    This permission allows users added under the Members section of the Discovery Management group (refer to Granting Permission to Accounts for Creating Backup Set) to back up and/or restore user item(s) not only for their own account, but also the accounts of other users in the same Members section.
    Granting Permission to Accounts for Creating Backup Set
  11. Data Synchronization Check (DSC) Setup - To compensate for the significant backup performance increase, there is a tradeoff made by the Change Key API, which skips the checking of de-selected files in the backup source, which over time can result in a discrepancy between the items or files/folders selected in the backup source and those in the backup destination(s).

    To overcome this, it is necessary in some cases to run a Data Synchronization Check (DSC) periodically, so that it will synchronize the data in the backup source and backup destination(s) to avoid data build-up and free up storage quota.

  12. Enabled Disabled
    Backup Time Since data synchronization check is enabled, it will only run on the set interval. For example, the default number of interval is 60 days. The backup time for the data synchronization job will take longer than the usual backup as it is checking the de-selected files and/or folders in the backup source and data in the backup destination(s) As data synchronization check is disabled, the backup time will not be affected.
    Storage Management of storage quota will be more efficient as it will detect items that are de-selected and move it to retention and will be removed after it exceeds the retention policy freeing up the storage quota. Management of storage quota will be less efficient even though files and/or folders are already de-selected from the backup source, these files will remain in the data area of backup destination(s).
  13. Authentication - To comply with Microsoft’s product roadmap for Microsoft 365, from CloudBacko Lite v4.1.4.0 or above, Basic Authentication (Authentication using Microsoft 365 login credentials) will no longer be utilized. Instead all new Microsoft 365 backup sets created will use Modern Authentication.

    Since the second half of 2021, it will be a mandatory requirement for organizations still using Basic Authentication or Hybrid Authentication to migrate to Modern Authentication.

    Modern Authentication provides a more secure user authentication by using app token for authentication aside from using the Microsoft 365 login credentials. In order to use Modern Authentication, the Microsoft 365 account is registered under Global region and the Microsoft 365 backup is configured to use Global region. As both Germany and China region do not support Modern Authentication.

    Existing backup sets using Basic Authentication can be migrated to Modern Authentication. However, once the authentication process is completed, the authentication can never be reverted back to Basic Authentication. For more information on how to migrate to Modern Authentication please refer to this link Migrating Authentication of Microsoft 365 Backup Set. After the upgrade to CloudBacko Lite v5 or above, the backup and restore process of existing Microsoft 365 backup sets still using Basic Authentication will not be affected during this transition period since Modern Authentication is not yet enforced by Microsoft.

    To check the current authentication being used in your Microsoft 365 backup set, see criteria below:

Supported Services

These are the supported services of Microsoft 365 Backup module

Services Supported Services Supported
Outlook Yammer
OneDrive Microsoft Stream
SharePoint Power BI
Microsoft Teams Microsoft Power Apps

These are the supported Outlook Mailbox types of Microsoft 365

Item Supported Item Supported
Archive Mailbox Distribution Group
Dynamic Distribution Group Equipment Mailbox
Microsoft 365 Group Public Folder
Public Folder Mailbox Room Mailbox
Security Group Shared Mailbox
User Mailbox

These are the supported items that you can back up and restore from an Outlook Mailbox

Item Supported Item Supported
Archive Calendar
Clutter Companies
Contacts Conversion History
Deleted Items Draft
External Contacts GAL Contacts
Inbox Journal
Junk Email Notes
Organizational Contacts Outbox
PeopleCentricConversation Buddies PersonMetaData
Recipient Cache RSS Feeds
Search Folders Sent Items
Social Activity Notifications Sync Issues
Tasks Trah

These are the supported items that you can back up and restore from OneDrive

Item Supported Item Supported
Folders ✔s Files
Access Permissions Albums
Recycle Bin Tag

These are the supported Items that you can back up and restore from the Public Folder of a Microsoft 365 backup set.

Item Supported Item Supported
Folders Files


Maximum Supported File Size

The following table shows the maximum supported file size per item for backup and restore of each service.

Service Maximum File Size
Outlook
-with or without attachments
-(applies to User mailbox, Room mailbox, Shared mailbox, Equipment mailbox)

150 MB

Public Folders
-with or without attachments

150 MB

OneDrive

8 GB

Personal Site

8 GB

Limitations

  1. Each CloudBacko Lite backup user account supports backup of a maximum of TWO Microsoft 365 personal accounts.
  2. OneDrive
  3. Outlook
  4. Modern Authentication is only supported for Microsoft 365 account that is registered in Global region and the Microsoft 365 backup is configured to use Global region.
  5. Backup sets using Modern Authentication cannot backup .aspx version file.
  6. Due to limitations in Microsoft API, when using Modern Authentication, backup and restore of SharePoint Web Parts and Metadata are not fully supported.
  7. Backup sets using Modern Authentication does not support restore of some list settings, currently knows as Survey Options on survey list.

Best Practices and Recommendation

The following are some best practices and recommendation we strongly recommend you follow before you start any Microsoft 365 backup and restore.

Creating a Microsoft 365 Backup Set

Name The name of the backup set.
Backup set type The backup set type, i.e. Microsoft 365 Backup
Access the Internet through Proxy Checkbox will be ticked if proxy will be used to access the internet, cannot be edited.

To create a backup set:

  1. Enter a backup set name.
  2. Select the backup set type.
  3. Optional: Check the 'Access the Internet through proxy' checkbox.
  4. Click the [Test] button.
  5. Click the [Authorize] button to start the authentication process.
  6. Sign in to your Microsoft account.

  7. If MFA is enforced for the Microsoft 365 user account used to authenticate the backup set, select to verify either by "Text" or "Call".
    Note: Verification is only required if the MFA status of a Microsoft 365 account is enforced.
  8. Copy the authorization code.
  9. Go back to CloudBacko Lite and paste the authorization code then click the [OK] button to proceed.
  10. The confirmation message Test completed successfully will be shown when CloudBacko Lite is connected to the Microsoft 365 account successfully.
  11. Click the [Next] button to proceed.