Veeam VBO (v5)
What is VBO?
"Veeam Backup for Microsoft Office 365 (VBO) is a comprehensive solution that allows you to back up and restore data of your Microsoft Office 365, on-premises Microsoft Exchange and on-premises Microsoft SharePoint organizations, including Microsoft OneDrive for Business."
BEC ("Business Email Compromise") attacks can be devastating. The average amount requested in wire transfer-based BEC attacks increased in 2020 from $48,000 in the third quarter to $75,000 in the fourth quarter." (source)
"Office 365 employs the “shared responsibility model,” which dictates that Microsoft is responsible for its own global infrastructure and ensuring that Office 365 remains up and running, and its customers are responsible for the access and control of their data that resides within the Office 365 infrastructure". According to a recent Enterprise Strategy Group report, 1 in 4 businesses don’t believe they need to backup Microsoft 365. This conclusion often stems from backup misconceptions and responsibility confusion...
Microsoft's Responsibility: Uptime OF the cloud.
Customer's Responsibility: Access and control of data IN the cloud.
Note: "The average length of time from data compromise to discovery is over 140 days, yet default settings only protect for 30 to 90 days".
"According to the software company Egress, 85% of organizations using Microsoft 365 have experienced an email data breach." (Source)
"After an email data breach, the vast majority (93%) of organizations using Microsoft 365 reported "suffering negative impacts," compared to 84% of non-Microsoft 365 users, according to Egress." (Source)
What's new in VBO V5 Randy Lee Jan 2021 - 15 minute video
"Office 365 backup and retention policies can only protect you from data loss in a limited way and are not intended to be a complete backup solution. Retention policies are always evolving and tend to be very complicated to manage and monitor. Commonly, Admins believe they are covered, only to find that in fact certain items are gone. A third-party Office 365 backup product is the best way to protect against accidental or malicious file deletion, other user errors, ransomware, and data corruption. A third-party Office 365 backup product is the only way to ensure that you can restore quickly and meet data retention requirements for Office 365 data."
Veeam Backup for Microsoft Office 365 - Overview
Veeam Backup for Microsoft Office 365: Availability vs Recoverability - Important questions to ask.
The Office 365 Shared Responsibility Model - “Why do I need to back up my Office 365 Exchange Online, SharePoint Online and OneDrive for Business data?”
YES, you can backup and restore Microsoft Teams data with Veeam. When data is posted and shared within Microsoft Teams, it is journaled into Exchange Online and SharePoint Online. You can use Veeam Explorers™ to find and restore Teams data, including chats, documents and sites.
VBO server (Scheduler), Proxy (Data Mover), Repository (MS ESE/JET Blue database)
Six Reasons for VBO...
Protect against accidental deletion of data.
Satisfy retention policy gaps and confusion.
Address internal security threats.
Address external security threats.
Satisfy legal and compliance requirements.
Manage hybrid email deployments and migrations to Office 365.
The new official capacity calculator for O365 is now live at https://calculator.veeam.com/vbo/. You can either connect it to your real account and retrieve needed data or manually input data.
HOL - Dive into VBO with a guided hands‑on lab experience. - Within 15 minutes, you will get a confirmation that your lab is ready. Once you submit your promo code you will have 3 hours to use the lab before it expires.
Item-level retention (object related) vs Snapshot-based retention
Item-level retention (object related)
Act like archive software
Items will be deleted if they were not created or modified f.e. within the last 3 years
Act like a backupfile
f.e. all files will be kept for 3 years
Items will be deleted only if they are expired and do not belong to a recovery point
"A backup repository will be extended with the specific object storage and backups will be off-loaded directly to object storage.
Once you configure a backup repository to offload data, it will consist of two parts:
Local folder, which contains metadata (JET DB)
Object storage, which contains the metadata and backups
When the backup job starts, the data first goes to the local cache, which is only stored in RAM memory, and afterwards is sent directly to the object storage. In the local cache we store the metadata to present the object directly via Veeam Explorer, but the content of the object itself (email body, attachment, appointment info, file contents…) is stored in the object storage.
Additionally, when you perform a restore via a Veeam Explorer you will get a notification if you are accessing data from Object Storage to warn you about potential costs. Below you can see how it looks for the Veeam Explorer for Microsoft Exchange when you open a restore point."
More information on VBO (Click here)
V5 Scalability and performance enhancements...
Addressing the needs of larger and growing organizations, version 5 delivers multiple architectural enhancements and processing optimizations to provide better scalability, simplified management and faster backups and restores.
5X backup infrastructure scalability increase is delivered with the support of up to 50 remote proxies per a single backup server.
Workgroup environment support addresses the needs of cloud deployments and releases the domain requirement for Veeam Backup for Microsoft Office 365 components. Additional remote proxies can now be deployed in workgroups, allowing for easier management and scaling up your backup infrastructure.
Faster population of objects in the backup job wizard reduces to minutes the time for creating or editing backup jobs via the UI for Office 365 organizations with more than 100,000 users, groups and sites. Additionally, searching for individual objects is now performed directly on the Azure AD side, which significantly speeds up finding a specific user, group or site you want to protect.
2X faster backup data migration to object storage from local repositories.
Faster backup and more efficient digesting of massive SharePoint Online sites achieved through parallel processing of individual lists and improved handling of failed items within lists.
Faster management operations and improved UI responsiveness for larger-scale deployments achieved with the optimized communication between backup infrastructure components.
Thousands of backup repositories, OneDrive accounts and Exchange items represented within seconds with the optimized RESTful API calls.
The information on space used on thousands of backup repositories is delivered within seconds with the optimized PowerShell cmdlets.
Technical Design and Architecture...
Veeam Backup for Microsoft Office 365 Calculator by Benedikt Däumling
Common support questions (Click here)
How to automate adding Veeam Backup for Microsoft Office 365 Auxiliary accounts (Click Here)
Posted: 07 May 2021 08:51 AM PDT
Veeam Backup for Microsoft Office 365 is subject to throttling rules placed on SharePoint sites. These rules limit traffic speed for any item downloaded per user from any SharePoint site or OneDrive for Business on Microsoft servers. These throttling rules generally go unnoticed in day-to-day use of the cloud product but can drastically limit backup recovery point objectives. Veeam has a solution to this problem in the way of Auxiliary backup accounts.
Auxiliary backup accounts provide a form of load balancing from SharePoint and OneDrive for Business servers through multiple Microsoft account invitations. Since each account can generally back up at the maximum defined throttling speed, the overall backup job completes exponentially faster. This will also speed up the backup of data that resides on SharePoint in the backend, like Microsoft Teams. Creating multiple user accounts in Microsoft Office 365 and then adding them to the Veeam Backup for Microsoft Office 365 console can take time and patience. It is also found when someone needs to do a repetitive task by hand; things like security might be overlooked to save time, like setting each account with the same password.
All of these points bring us to the reason for this blog, a PowerShell script that makes as many accounts as you want and sets a secure, unique password for Veeam Backup for Microsoft Office 365 version 5 for each account. This script was built for basic authentication. If the organization requires modern app-only authentication, then mitigating throttling Microsoft Azure AD applications will be needed. More information can be found in our user guide.
Before creating any accounts, there are a few things to consider. The script will need to be run from the Veeam Backup for Microsoft Office 365 server so that the users can be added to the console. When creating users to add into the Veeam Backup for Microsoft Office 365 console, they will be added via a security group, so the account used to run the script will need to be an administrator account in Office 365 with enough permissions to create users and groups then add them to that group. In the script, the number of accounts can be configured to whatever is needed for the organization. The script can also be re-run with increased numbers to add more users if needed. It is the recommendation to start at eight accounts per proxy added to the console for the organization, then monitor for any signs of continued throttling in the job. Examples of signs you’re still being throttled are getting 503 errors in the logs or if the console jobs seem to process significantly faster at the start of the job run then slow down as time goes on.
If there are still signs of OneDrive for Business or SharePoint sites being throttled in the job, then increase the number of accounts in increments of eight until the issue is resolved. The script has been designed to follow this model with the variables. The $ProxyCount only needs the number of proxies added in the console, and the math will be done in the background. If additional accounts are needed, then use the variable.
How to run the script...
Before running the script below, three variables must be filled in.
$ProxyCount will signify the number of proxies added to the Veeam Backup for Microsoft Office 365 console used for that organization.
$AzureAdmin needs to be a Microsoft 365 account admin with add and modify permissions for users and groups.
$VBOOrg is the organization’s name as it appears in the Veeam Backup for Microsoft Office 365 console.
If you need additional accounts, use the $AdditionalAccountSets variable. With this variable, you only need to increase the number by one increment to get an additional eight accounts. For example, if you increase the number to 10, the script will create an additional 80 accounts.
Create Auxiliary Backup Accounts script.
How to remove the accounts
There are many reasons to need the removal of data, including users, from Microsoft Office 365. Below is a script that will clear all accounts and the group created from the script above. These users will be removed from both the active user list and the recycling bin. The only variable that needs to be filled out in this script is $AzureAdmin for the account used to delete the users.
Remove Auxiliary Backup Accounts script.
Throttling from Microsoft can be a significant cause of job performance issues when processing SharePoint sites and OneDrive for Business objects, but adding backup auxiliary accounts can help alleviate this bottleneck and can be made easy by using the scripts mentioned above. If adding more accounts does not give a noticeable difference in backup efficiencies, then the problem might not be Microsoft throttling. Many other factors can also affect performance, like under-provisioned resources on the server or proxies, slow storage processing for the backup and network constraints, including internet connection.
Check out our Deployment Guide or the Best Practice Guide to ensure the components are appropriately provisioned and open a case with support if the issues persist. Please keep in mind that troubleshooting scripts is outside the support contract. Alternatively, Veeam has a great community on the forums to help with any Veeam-related script issues.
To get started with Veeam Backup for Microsoft Office 365, begin a FREE 30-day trial today!
The post How to automate adding Veeam Backup <em>for Microsoft Office 365</em> Auxiliary accounts appeared first on Veeam Software Official Blog.