Microsoft 365 Agentless Guide

Requirements and Recommendations

Hardware and Software Requirement

Refer to the following link for details of the operating systems, applications and databases supported by Retrospect Virtual Host Server.

Overview

Retrospect Virtual allows you to back up your Microsoft 365 data on the cloud without the need to deploy a backup agent. You can access the Retrospect Virtual Console server environment easily on a web-based management console. This is a user interface that allows you to login remotely to a backup server to manage and monitor your backups.

Running your Microsoft 365 backup on Retrospect Virtual Console provides the following advantages:

Web-based Management Console: Our enriched features on the centralized user web console offers you a one-stop location for monitoring and managing your backup and restore, whether you are a system administrator or a backup user. Below is an overview of what you can do with it.

• Create backup set
• Restore backup
• Configure user settings
• Configure backup settings
• View and download backup and restore reports.
• Performance

The Change Key API has significantly improved backup performance of backup jobs, which means backup sets with a large number of Microsoft 365 accounts for backup can be completed within hours.

Live Activities Monitoring Feature: The Retrospect Virtual Console User Web Console has a live activity monitoring feature which is used to keep track of the backup and restore job(s). The following operations can be performed using this feature:

• View the status of the backup process that is currently running
• View the status of the restore process that is currently running

NOTE: There is an update interval of around five (5) seconds for both backup and restore activities.

No Additional Hardware / Device Required: As the Run on Server (agentless) backup set utilizes the resources of the Retrospect Virtual Console backup server, there is no need to provision additional physical or virtual machine to run the backup/restore which means the cost of each backup set is much lower than for an agent-based Microsoft 365 backup set.

Easy to Manage: The Retrospect Virtual Console User Web Console offers you an easy-to-manage user interface. This will help you save time, and it reduces the overall cost of support.

Backup Set Management from any Device (Accessibility): Backup/restore operation(s), backup set settings configuration, and backup/restore process monitoring can be done from any device as long as a web browser and internet connection are present in the device.

Backup of Selected Items: To back up the Microsoft 365 user accounts, the backup resources can be user level, site collection level and even item level.

• Flexible backup options: Only select the required users, specific site collection or items for backup.
• Flexible restore options: Restore all the users or just one user or restore the whole site collection or just one site or restore the whole user content or just one item. Or restore items to the original location or an alternate location.

Fast and Efficient: We understand that backup could be a time and resources consuming process, which is why Retrospect Virtual Console is designed with advanced technologies to make backup a fast and efficient process. We also understand that you may wish to run backup at a specified time interval of your choice, that’s why we also allow you to set your own backup schedules so that you can take full control of the time when to perform backup.

Multi-threading – this technology utilizes the computing power of multiple CPU cores for creating multiple backup and restore threads to produce fast backup and restore performance. The default setting for Microsoft 365 backup sets supports a total of 4 threads per backup job.

Higher Reliability: The implementation of one index file per user can significantly improve the overall resilience of backup and restore from index related issues. For example, if a single index file becomes corrupted, it will only affect corresponding user, while other users selected for backup are unaffected.

File Transfer Security: The Retrospect Virtual Console comes with a secure file transfer method using the https protocol that guarantees the highest level of security measure in safeguarding the movement of files from the backup source (Microsoft 365) to the backup destination (Retrospect Virtual Console server).

High Level of Security: We understand your Microsoft 365 users may contain sensitive information that requires to be protected, that is why your backup data will be encrypted with the highest level of security measure.

Encryption Key – to provide the best protection to your backup data, the encryption feature which by default will encrypt the backup data locally with AES 256-bit truly randomized encryption key.

Cloud Destinations Backup: By default, the Retrospect Virtual Console is set as the storage destination in creating an Microsoft 365 backup set. However, you have the option of selecting another storage destination as provided by your cloud service provider.

Compliance: Some organizations do not permit the installation of third-party applications on production environments due to regulatory requirements. An agentless solution allows for compliance during backup or restore.

Less Resources Needed: Backup client agent could interfere with the processing power of core applications of the machines that it is installed on. Run on Server Microsoft 365 backup job is performed on the backup server, which does not consume resources on client computer during a backup job.

Run on Server: A Run-on Server Microsoft 365 backup set provides you with an agentless backup solution. Manual schedules are performed directly by the Retrospect Virtual Console backup server; you do not need to install a backup agent on your personal computer in order to back up your data on cloud storages.

Run on Server backup and restore can be managed on a computer or device running on Windows/MacOS/Linux /iOS/Android as long as the device is able to support a web browser and has an internet connection.

Differences between a Run-on Server and Run-on Client Backup Set: The following table summarizes the differences in backup options available between a Run-on Server and Run-on Client Microsoft 365 backup set, and the tool to use (web console or client agent) when performing a backup and restore:

Aside from backup options, the table below shows other operations that can be performed using web console and client agent:

This should give you a good idea about when to choose agentless protection vs agent protection.

Getting Started

This document aims at providing all necessary information for you to get started with setting up your system for Run on Server (Agentless) Microsoft 365 backup and restore, followed by step-by-step instructions on creating backup set, running backup job, and restoring backed up data, using the Retrospect Virtual Console User Web Console.

The document can be divided into six (6) main parts.

1. Preparing for Microsoft 365 Backup & Restore
2. Performing a Microsoft 365 Backup
3. Restoring a Microsoft 365 Backup
4. Running a Data Integrity Check
5. Deleting Backup Data

Preparing for Backup and Restore

Login Credentials to Microsoft 365

To allow access to Microsoft 365 (backup source) in performing a backup, make sure to have the correct login credentials to Microsoft 365.

Valid Retrospect Virtual Host Server User Account

A valid Retrospect Virtual Host Server user account is required before you can access the Retrospect Virtual Console User Web Console. Please contact your system administrator for more details.

Add-on Module Requirements

Make sure that the Microsoft 365 Backup feature has been enabled as an add-on module in your Retrospect Virtual Host Server user account and there is enough Microsoft 365 Backup license quota to cover the backup of the users.

The licenses for the Microsoft 365 module are calculated by the number of unique licensed or unlicensed Microsoft 365 user accounts. If same Microsoft 365 account is backed up on multiple backup sets with an Retrospect Virtual Host Server user account, it would be counted as one Microsoft 365 license.

• Each licensed or unlicensed Microsoft 365 user account selected for backup requires one Microsoft 365 license.
• Each Equipment Mailbox, Room Mailbox, or Shared Mailbox selected for backup requires one Microsoft 365 license.
• If just only SharePoint Sites under the Site Collections and/or files of folders under Public Folder are selected for backup, this requires zero Microsoft 365 license but a minimum of one Microsoft 365 license is needed to perform a backup. The Microsoft 365 license is only needed to start the backup but it will not be counted as used license.

However, if any items from either Outlook, Items from OneDrive, or Personal Sites under Users are selected for backup, the Microsoft 365 license count will be calculated based on the number of user account selected.

Backup Quota Requirement

Make sure that your Retrospect Virtual Host Server user account has sufficient quota assigned to accommodate the storage of the Microsoft 365 users for the new backup set and retention policy. To get an accurate estimate of the backup quota requirement, it is recommended to check the actual usage of the Microsoft 365 Organization in the Microsoft 365 Admin Centre.

Microsoft 365 License Requirements

Microsoft 365 Subscription Plan

The following subscription plans with Microsoft 365 email services are supported to run backup and restore on Retrospect Virtual Console User Web Console.

Microsoft 365 Subscription Status

Make sure your Microsoft 365 subscription with Microsoft is active in order to enjoy all privileges that come along with our backup services. If your account has expired, renew it with Microsoft as soon as possible so that you can continue to enjoy the Microsoft 365 backup services.

When your account is expired, depending on your role, certain access restrictions will be applied to your account. Refer to the URL for more details, Microsoft 365 Subscription Status.

Restore Requirement

When restoring data of Microsoft 365 user, the account which the data will be restored to requires valid license(s):

• Requires Exchange License. Example: Exchange Online Plan and Microsoft 365 E3 are required when restoring Outlook’s / Public Folder’s items.
• Requires SharePoint License. Example: SharePoint Online Plan and Microsoft 365 E3 are required when restoring OneDrive’s / Personal Site’s items.

Microsoft 365 Permission Requirements for Retrospect Virtual Host Server

The basic permissions required by a Microsoft user account for authentication of an Retrospect Virtual Host Server Microsoft 365 backup set is as follows:

• Global Admin Role: The Microsoft 365 account used for authentication must have Global Admin Role, since Modern Authentication will be used. This is to ensure that the authorization configuration requirements will be fulfilled (e.g. connect to Microsoft Azure AD to obtain the App Access Token).
• Term Store Administrator Role: The Term Store Administrator Role may be required for backup and restore of SharePoint items.
• A member of Discovery Management security group: The Discovery Management security group must be assigned the following roles: ApplicationImpersonation, Legal Hold, Mailbox Import Export, Mailbox Search, Public Folders. Otherwise, proceed to grant all necessary permissions to the Microsoft user account.

Assigning Global Admin Role to Accounts

To assign the Global Admin role to accounts, follow the steps below:

• Click the App launcher in the upper left side then click Admin to go to the Microsoft 365 admin center.

• 1. In the Microsoft 365 admin center, on the left panel click Users. Find the user you want to assign the Global Admin and select Manage roles.

• In the Manage roles window, select Admin center access then check the box beside Global admin.

• 1. Click Save Changes to save the role you assigned.

Granting Term Store Administrator Role

To add Term Store Administrator role to the Microsoft 365 user account used to authenticate the Microsoft 365 backup set.

• In the SharePoint admin center, under Content services, click Term store.

• 1. In the tree view pane on the left, select the Taxonomy.

• 1. In the Term store page, for Admins, select Edit.

• 1. The Edit term store admins panel appears.
  2. Enter the names or email addresses of the Microsoft 365 user who you want to add as term store admins. Select Save.

Granting Permission to Discovery Management Group

This permission allows users added under the Members section of the Discovery Management group to back up and/or restore user item(s) not only for their own account, but also the accounts of other users in the same Members section.

1. Open https://outlook.office365.com/ecp
2. Log in to the Microsoft 365 as an account administrator.

1. Select the permissions menu on the left, then double click on Discovery Management on the right.

1. Click the + icon under the Roles section. These are the following roles: ApplicationImpersonation, Legal Hold, Mailbox Import Export, Mailbox Search, Public Folders

1. Click Save to confirm and exit the setting.

Granting Permission to Accounts for Creating Backup Set

1. Open https://outlook.office365.com/ecp
2. Log in to the Microsoft 365 as an account administrator.

1. Select the permissions menu on the left, then double click on Discovery Management on the right.

1. You can now add users to this group. Click the + icon under the Members section.

1. Look for the username(s) of the account that you would like to add permission for, then click add > OK to add the corresponding user(s) to the permission group.

1. Click Save to confirm and exit the setting.

Granting Permission to restore all share link types to alternate location in Microsoft 365

To successfully restore all share link types to alternate location of the same organization in Microsoft 365, follow the settings below:

Allowing anonymous users to access application pages

1. Click the App launcher in the upper left side.

1. Click SharePoint to go to the SharePoint page.

1. Click Settings > Site Settings.

1. Under Site Collection Administration, click Site collection features.

1. Scroll down and look for “Limited-access user permission lockdown mode”, click the Deactivate button.

1. Click Deactivate this feature.

1. Once deactivated, the Deactivate button will no longer be available.

Allowing sharing to external users

1. Go to your Microsoft 365 Admin Center > All admin centers > in the right pane select SharePoint.

1. Go to Policies > Sharing.

1. Under "External sharing" the button must be in line with “Existing guests” and click Save.

Data Synchronization Check (DSC) Setup

To compensate for the significant backup performance increase, there is a tradeoff made by the Change Key API, which skips the checking of de-selected files in the backup source, which over time can result in a discrepancy between the items or files/folders selected in the backup sources and those in the backup destination(s). However, the Change Key API will continue to check for de-selected Microsoft 365 user accounts or Site Collections. Un-selected individual Microsoft 365 user accounts or Site Collections detected during a backup job will be automatically moved to retention area.

To overcome this, it is necessary in some cases to run a Data Synchronization Check (DSC) periodically. The DSC is similar to a regular Microsoft 365 Change Key API backup job but with the additional checking and handling of de-selected files and/or folders in the backup source. So that it will synchronize the data in the backup source and backup destination(s) to avoid data build-up and the freeing up of storage quota.

Here are the pros and cons of performing the DSC:

Authentication

To comply with Microsoft’s product roadmap for Microsoft 365, Basic Authentication (Authentication using Microsoft 365 login credentials) will no longer be utilized. Instead, all new Microsoft 365 backup sets created will use Modern Authentication.

Modern Authentication provides a more secure user authentication by using app token for authentication aside from using the Microsoft 365 login credentials. In order to use Modern Authentication, the Microsoft 365 account is registered under Global region and the Microsoft 365 backup is configured to use Global region. As both Germany and China region do not support Modern Authentication.

In order to migrate existing backup sets to Modern Authentication there are two (2) methods:

• The first method is the Microsoft 365 account used for the backup set is assigned the Global Admin.
• The second method is the Microsoft 365 account used for the backup set is an ordinary account. When changing the settings of the backup set, the user can ask a Microsoft 365 Global Admin to grant permission to authorize the migration of authentication. This is only required in migrating from Basic Authentication to Modern Authentication. This only needs to be done once per backup set.

To check the current authentication being used in your Microsoft 365 backup set, see criteria below:

Basic Authentication

If you click on the backup set and the following pop-up message is displayed, then the backup set is using Basic Authentication.

Modern and Hybrid Authentication

For backup set using Modern or Hybrid Authentication, there is no pop up authentication alert.

Supported Services

Below are the supported services of Microsoft 365 Backup module. It is also specified in the table some services that are currently not yet supported by the Microsoft 365 Backup module.

Below are the supported Outlook Mailbox types of Microsoft 365 Backup.

Below are the items that you can back up or restore from an Outlook mailbox.

Below are the items that you can back up or restore from OneDrive.

Below are the items that you can backup or restore from Teams Chat / Channel.

Below are the Site Collections/Personal Site items that you can back up or restore from a Microsoft 365 backup set.

Below are the SharePoint Site Collections template that you can back up or restore from a Microsoft 365 backup set.

Below is the Site Column Type that you can back up or restore from a Microsoft 365 backup set.

Below are the items from the Public Folder that you can backup and restore from a Microsoft 365 backup set.

Maximum Supported File Size

The following table shows the maximum supported file size per item for backup and restore of each service.

Retrospect Virtual Host Server

Limitations

Retrospect Virtual Host Server

Modern Authentication

Modern Authentication is only supported for Microsoft 365 account that is registered in Global region and the Microsoft 365 backup is configured to use Global region.

• Migration to Modern Authentication is not supported on a Microsoft 365 account without a Global Admin role; or during the migration process, the Microsoft 365 account used to authenticate the migration does not have Global Admin role.
• Backup and restore of the site features setting for SharePoint Site Collection and/or Personal Site using Modern Authentication is not supported.
• Due to limitations in Microsoft API, when using Modern Authentication, backup and restore of SharePoint Web Parts and Metadata are not fully supported.
• Backup sets using Modern Authentication do not support backup of external content types (through the linkage from selected lists).
• Backup sets using Modern Authentication do not support backup and restore of the following:
  • Some list settings, currently known as Survey Options on survey list.
  • Feature setting for SharePoint Site and Personal Site.

SharePoint

• Document Libraries, List Items and their default Column Types will be supported, excluding customized Apps and SharePoint App Store applications.
• Most of site lists will be supported, except for certain list types that will be skipped during restore due to API limitation, for example is Microfeed in Classic Team Site.
• Site logos will NOT be restored, it is suggested revisiting the site setting page and manually add the missing images if necessary.
• User-defined workflow templates will NOT be supported for backup and restore.
• Recycle Bin will NOT be supported for backup and restore.
• Most of Site level settings will NOT be restored, except for those essential to support the successful restore of the backup items e.g. Manage Site Feature / Site Collection Feature.
• Most of List level settings (including List view) will NOT be restored, except for those essential to support the successful restore of backup items, e.g. item checkout settings. Following restore, it is suggested revisiting the relevant settings if necessary. This may affect list column ordering and visibility after restoring.
• Restoring External Data column is NOT supported if external content type has been deleted via SharePoint Designer.
• Restoring of multiple Value of managed metadata column when the key name (column name) contains space is NOT supported.
• Restoring of list with local managed metadata column to alternate location is NOT supported.
• The restore of SharePoint documents or folders with the following characters: / \ | * : “ < > in item name to a Windows local computer is not supported. As Windows does not support these characters for either a file or folder name.
• Restoring Newsfeed items in Modern Team Site will not publish the items to Homepage automatically, user will need to navigate to Site Content > Page Library> click on each individual news item and “Post” the news one by one manually.
  • Backup User (except for Global Admin) may not have permission to back up the site collection even if he/she can view it in the backup source tree. FOR EACH site collection, the user can back up only if he/she is assigned as a site admin of that site collection. Feature setting for SharePoint Site and Personal Site.
    • If the user is assigned as site admin of the root level site collection only, he/she is not automatically added as site admin of other site collection under that root level site collection (e.g. If user is to backup specific site collection under the root, he/she has to be added as site admin of that specific site collection under the root also).
    • For site collection that can be viewed by user in the source tree which he/she is not yet assigned as a site administrator:
      • when user expand the node of that site collection, access denied error pop up will be given.
      • when user tick such site collection to backup, access denied error will be given in the backup log.

OneDrive

• Backup and restore of file share links will be supported for OneDrive and SharePoint Documents only, and only for restore to the same Microsoft 365 organization.
• Backup and restore of all versions will be supported for OneDrive and SharePoint Documents only, except for ”.aspx“ files.

Teams

• Backup of external chat/message, attachment to system message backup (e.g. meeting recording) and backup tabs, pins for chat/channel are not supported.
• Restore of chat/channel to original thread is not supported. Restore only as data export in HTML format, stored to local or OneDrive.
• Refer to the table below for the limitations regarding Teams Chat backup.

Here are some sample scenarios:

Example No. 1

You are required to backup Microsoft 365 user: Tom

Selection:

• Backup Scope: Entire Organization

• Microsoft 365 user: Tom

• Data type: Teams Chat (assuming no Outlook or Personal Site data) and OneDrive

Scenario:

Tom is in a group Teams Chat which includes Amy, Joe and Teresa.

They chat about their project within the group, share files, etc.

If you create a Backup Set and select only Tom; it will include only messages sent by Tom for the 1:1 group chat where Tom is included.

It will only include files that Tom had attached. It will not backup file attachments from the other three participants.

There will be Warnings after backup that items were not backed up when not all the users involved in the conversation are selected for backup. This is a sample of the warning that can be viewed from the backup report “Messages from users [email protected] in Chat “Joe SmithsonTom Smith,” will skip to backup cause users are not selected”.

When you Restore from this Backup Set to choose this group Teams Chat you will only see messages from Tom. Check the screenshot of the actual conversation, as you can see the messages from the other users were not backed up.

You will only be able to download and/or restore files shared by Tom. This means you will need to include the other users in your Backup Set Source selection if you want to be able to download and/or restore the files they shared. In the screenshot below, only files shared by Tom will be listed.

Example No. 2

You are required to backup Microsoft 365 user: Joe.

Selection:

• Backup Scope: Entire Organization

• Microsoft 365 user: Joe and Tom

• Data type: Teams Chat (assuming no Outlook or Personal Site data) and OneDrive

Scenario:

Joe has 1:1 chat with Teresa, and they shared files with each other.

Joe has 1:1 chat with Tom, and they shared files with each other.

If you create a Backup Set and select only Joe and Tom, it will include Joe’s chat message with Tom, and files shared by Joe and Tom. It will not include Teresa’s chat message and file attachments.

There will be Warnings after backup that items were not backed up when not all the users involved in the conversation are selected for backup. This is a sample of the warning that can be viewed from the backup report “Messages from users [email protected] in Chat “Joe SmithsonTeresa Smits,” will skip to backup cause users are not selected”.

When you Restore from this Backup Set to choose from Joe’s list of chats, you can open the conversation between Joe and Tom, you can also restore any files they shared with each other.

The chat displays messages from Joe and Tom.

Files shared between them can also be downloaded and/or restored.

But when you click on the conversation with Teresa, you will see the chat messages from Joe only. Please refer to the screenshot of the actual chat.

Only the file that Joe shared with Teresa will be available for download and/or restore. Files that were shared by Teresa will not be available since she was not selected in the Backup Source Selection.

Example No. 3

You are required to backup Microsoft 365 user: Joe.

Selection: * Backup Scope: Entire Organization

+ 

+ * Microsoft 365 user: Joe and Tom

+ 

+ * Data type: Teams Chat

+ 

Scenario:

Joe has 1:1 chat with Teresa, and they shared files with each other.

Joe has 1:1 chat with Tom, and they shared files with each other.

If you create a Backup Set, and select only Joe and Tom, it will include Joe’s chat message with Tom. It will not include Teresa’s messages as Teresa is not selected. It will also not include any files attached as OneDrive is not selected.

There will be Warnings after backup that items were not backed up when not all the users involved in the conversation are selected for backup. This is a sample of the warning that can be viewed from the backup report “Messages from users [email protected] in Chat “Joe SmithsonTeresa Smits,” will skip to backup cause users are not selected”.

When you Restore from this Backup Set to choose from Joe’s list of chats, and open the conversation between Joe and Tom, you can only restore messages.

Files that they shared with each other will be listed under the Files tab, but you cannot download and/or restore them.

And when you click on the download button, this error message will appear because OneDrive is not a selected Data Type, which means the shared file was not backed up since file attachments are saved in OneDrive.

But when you click on the conversation with Teresa, you will see the chat messages from Joe only since Teresa is not selected as a backup source.

Only files shared by Joe will be listed under the Files tab, but it will not be available for download and/or restore.

This error message will be displayed when you click on the download button since OneDrive is not a selected Data Type.

Example No. 4

You are required to backup Microsoft 365 user: Teresa.

Selection: * Backup Scope: This Microsoft 365 user only

+ 

+ * Microsoft 365 user: Teresa

+ 

+ * Data type: Teams Chat (assuming no Outlook or Personal Site) and OneDrive

+ 

Scenario:

Teresa is in a group Teams Chat which includes Amy, Joe and Tom.

They chat about their project within the group, share files, etc.

If you create a Backup Set, it will include all messages sent by Teresa as well as messages from the other users for the 1:1 group chat where Teresa is included.

It will only include files that Teresa had attached. It will not backup file attachments from the other three participants.

When you Restore from this Backup Set to choose this group Teams Chat you will see all the messages in the chat. Please refer to the screenshot of the actual conversation above, as you can see all the messages from all the users were backed up.

You will only be able to download and/or restore files shared by Teresa. In the screenshot below, all the files shared in the chat will be listed.

But you will not be able to download and/or restore the files shared by the other users. When you click on the download button, the message below will be displayed.

Example No. 5

You are required to backup Microsoft 365 user: Joe.

Selection: * Backup Scope: This Microsoft 365 user only

+ 

+ * Microsoft 365 user: Joe

+ 

+ * Data type: Teams Chat

+ 

Scenario:

Joe has a 1:1 chat with Tom, and they shared files with each other.

If you create a Backup Set, it will include Joe’s chat message with Tom. But it will not include any files attached as OneDrive is not selected.

When you Restore from this Backup Set and open the conversation between Joe and Tom, you can only restore messages.

Files that they shared with each other will be listed under the Files tab, but you cannot download and/or restore them.

And when you click on the download button, this error message will appear because OneDrive is not a selected Data Type, which means the shared file was not backed up since file attachments are saved in OneDrive.

Outlook

• Online Archive Mailbox will NOT be supported for backup and restore.
• For Outlook mail item, after using restore to original location to overwrite a mail item (the restored mail item is assigned a new mail ID), then in the backup source tree of the same backup set:
  • the original ticked item still uses the old mail ID to reference and becomes red item.
  • there is another item (with the new mail ID) created for that mail item

To avoid future backup error/warning, the user will need to deselect the red item and tick the mail item again (new mail ID) in the backup source tree. This re-selection of backup source is not automatically done after you restore under overwrite to original location scenario.

Restore filter feature

Restore filter using Retrospect Virtual Console User Web Console is not yet supported.

Restore to Local machine

Restore to Local Machine is not supported using Retrospect Virtual Console User Web Console. It is only available using Retrospect Virtual Host Server.

Restore to Alternate location

• Only administrator account or user account with administrative authority can restore backup items to an alternate location.
• If you are trying to restore item(s) from one user to an alternate location user, Retrospect Virtual Host Server will restore the item(s) to their respective destination folder(s) with the same name as the original folder(s).
  • Example: Item from Outlook of User-A will be restored to the Outlook of the alternate location User-B; Item from SharePoint of User-A will be restored to the SharePoint of the alternate location User-B.
• Restore of item(s) in public folder to an alternate location public folder is not supported.
  • Example: Restore of item(s) in public folder from User-A to alternate location User-B is not supported.
• When restoring to alternate location, data type “Person or Group” will not be restored. Following restore, it is suggested revisiting the relevant settings if necessary. This also affects “Assigned To” column values of some list templates (e.g. Tasks list), and “Target Audience” column values of some list templates (e.g. Content and Structure Reports).
• If you are trying to restore item(s) from several users to an alternate location user, Retrospect Virtual Host Server will restore the item(s) to their respective destination folder(s) in alternate location user with the same name as the original folder(s).

Example: Item from Outlook of User-A and User-B will be restored to the Outlook of the alternate location User-C.

Restore to Alternate Microsoft 365 account

If you are trying to restore item(s) from multiple Microsoft 365 user account to an alternate Microsoft 365 user account, Retrospect Virtual Host Server can only restore one Microsoft 365 user account at a time.

Restore to Alternate Organization

• Restoring of document library (including OneDrive) items 'Share Link’ to alternate organization will trigger a warning message.
• Skip to restore People and groups and Site permissions to alternate origination.

Restore data to a destination user which has a different language

If you are trying to restore the item to a destination user which has a different language setting than the original user, Retrospect Virtual Host Server will restore item(s) to their respective destination folder based on the translation listed below.

For folders such as ‘Calendar’ or ‘Notes’, a new folder ‘Calendar’ or ‘Notes’ will be created.

For folders in OneDrive and SharePoint, a new folder will be created.

Restore existing documents in checked-out status

Restoring of existing documents in checked out status is supported only when the user who has checked out the file is the same user who is performing the restore.

Microsoft Limitations

Exchange Online

For more detailed information on the limitations of Exchange Online, please refer to this Microsoft article, Exchange Online Limits. These are some of the limitations that will be discussed in the Exchange Online Limits article:

• Address book
• Mailbox storage
• Capacity alerts
• Mailbox folder
• Message
• Receiving and sending
• Retention
• Distribution group
• Journal, Transport, and Inbox rule
• Moderation
• Exchange ActiveSync

OneDrive

For more detailed information on the limitations of OneDrive, please refer to this Microsoft article, OneDrive Limits. These are some of the limitations that will be discussed in the OneDrive Limits article:

• File name and path lengths
• Thumbnails and previews
• Number of items to be synced
• Information rights management
• Differential sync
• Libraries with specific columns
• Windows specific limitations

SharePoint

For more detailed information on the limitations of SharePoint Online, please refer to this Microsoft article, SharePoint Online Limits. These are some of the limitations that will be discussed in the SharePoint Online article:

• Limits by plan

• Service limits for all plans, such as: items in lists and libraries, file size and file path length, moving and copying across site collections, sync, versions, SharePoint groups, managed metadata, subsites, etc.

Retrospect Virtual Console Run on Server (Agentless)

*Standard and Local Destination Settings

For the backup destination settings, only the Retrospect Virtual Console or predefined destination is supported in the Retrospect Virtual Console Run on Server (Agentless) backup.

It is not possible to assign other standard destinations such as the customers personal Google Drive, OneDrive, DropBox, Amazon S3, Azure, and other storage accounts as the backup destination for a Run-on Server backup set.

Reminder

The reminder feature is not supported in the Retrospect Virtual Console User Web Console. Unlike with the agent-based backup, when this feature is enabled, a backup confirmation dialog box will prompt the user to run a backup job during machine log off, restart, or shut down when Retrospect Virtual Host Server is installed on a Windows platform.

IP Allowed for Restore

This setting permits to predefine IP ranges that are allowed to perform restore as configured by the system administrator. This feature is only applicable in a Run on Client Microsoft 365 restore operation and is not supported in a Run on Server Microsoft 365 restore.

Space Freeing up

Space freeing up feature is used to remove obsolete file(s) from your backup set and destination. This feature is only applicable in a Run on Client Microsoft 365 Backup Set and is not supported in a Run on Server Microsoft 365 Backup.

Decrypt Backup Data

Decrypt backup data feature is used to restore raw data by using the data encryption key that was set for the backup set. This feature is only applicable in a Run on Client Microsoft 365 Backup Set and is not supported in a Run on Server Microsoft 365 Backup.

System Logs

Retrospect Virtual Host Server backup user account does not have access to the system logs related to the Data Integrity Check operation through the Retrospect Virtual Console user console.

Therefore, the backup user does not have the ability to verify the results of these operations without the assistance of the admin.

Best Practices and Recommendations

The following are some best practices or recommendations we strongly recommend you follow before you start any Microsoft 365 backup and restore on Run on Server (Agentless).

Performance Recommendations

Consider the following best practices for optimized performance of the agentless backup and restore operations:

Perform test restores periodically to ensure your backup is set up and performed properly. Performing recovery test can also help identify potential issues or gaps in your recovery plan. It is important that you do not try to make the test easier, as the objective of a successful test is not to demonstrate that everything is flawless. There might be flaws identified in the plan throughout the test and it is important to identify those flaws.

Concurrent Backup Thread

The value of 4 concurrent backup threads is found to be the optimal setting for Microsoft 365 backups to ensure best backup performance, minimal resource usage, and lowest probability of throttling of backup requests by Microsoft 365.

Recommended Number of Microsoft 365 users on a Backup Set

To ensure that your Microsoft 365 Run on Server backup set completes the backup job within 24 hours, it is recommended that a single Microsoft 365 Run On Server backup set should not contain more than 2,000 users. That is assuming that only small incremental daily changes will be made on the Run-on Server backup set.

Authentication

Since Modern Authentication is already available, it is recommended that backup sets are migrated to Modern Authentication. All newly created Microsoft 365 backup sets on Retrospect Virtual Console automatically use Modern Authentication.

Large number of Microsoft 365 users to Backup

It is recommended to divide the users into multiple backup sets. A single Microsoft 365 backup set should not contain more than 2,000 Microsoft 365 users. That is assuming that only small incremental daily changes will be made on the Run-on Client backup set.

By splitting up all the users into separate backup sets, the more backup sets, the faster the backup process can finish.

It is also a requirement that for every split backup set should have its own unique user account for authentication to minimize the probability of throttling from Microsoft.

Example: If there are 10 split backup sets, then there should be 10 unique user accounts for authentication.

Periodic Backup Schedule

The periodic backup schedule should be reviewed regularly to ensure that the interval is sufficient to handle the data volume on the machine. Over time, data usage pattern may change on a production server, e.g., the number of new files created the number of files which are updated/deleted, and new users may be added etc.

Consider the following key points to efficiently handle backup sets with periodic backup schedule.

• Hardware – to achieve optimal performance, compatible hardware requirements is a must. Ensure you have the backup machine’s appropriate hardware specifications to accommodate frequency of backups,
  • so that the data is always backed up within the periodic backup interval
  • so that the backup frequency does not affect the performance of the production server
• Network – make sure to have enough network bandwidth to accommodate the volume of data within the backup interval.
• Retention Policy - also make sure to consider the retention policy settings and retention area storage management which can grow because of the changes in the backup data for each backup job.

Backup Source for Retrospect Virtual Host Server

For Microsoft 365 backup sets there are two approaches for backup source selection. Below are the sample screenshots of the selection All Microsoft 365 users and Selective Microsoft 365 user.

• All Microsoft 365 users

If you select “Backup all Users”, all of the Microsoft 365 user accounts will automatically be selected.

• Selective Microsoft 365 user

If you select “Select Specific”, you can select the users that you want to backup.

These are the Pros and Cons when selecting a backup source from all Microsoft 365 users and selective Microsoft 365 user.

*All Items*

Tick all the checkboxes, all of the items of the Microsoft 365 user account will automatically be selected.

Selective Items

Tick selective items to backup, either Outlook, OneDrive, Personal Site or Public Folders. In our example, only Outlook and OneDrive are ticked.

These are the Pros and Cons when selecting a backup source from All Items and Selective Items.

Creating a Microsoft 365 Backup Set

1. Log in to the User Web Console.
2. Click the User icon on the User Web Console landing page.
3. On the Backup Set menu, click the + icon to create a backup set.

1. Select the type as Microsoft 365 Backup, then name the backup set.

1. On the same menu under Run on, select Server to create a Run on Server (Agentless) backup set.

Notes

• If you choose to run the backup set on the Retrospect Virtual Console server, you won’t be able to back up, restore or manage your backups on Retrospect Virtual Host Server once the backup set is created.
• This setting CANNOT be altered once the backup set is created. If you wish to change the backup method later, you will have to create a new backup set and start over the configurations again.
• For backup sets created in Run on Server backup type, the backup destination is restricted to either Retrospect Virtual Console or a predefined destination (if setup by your backup admin). If you wish to back up to other cloud destinations or back up to multiple destinations, the backup set should be created in Run on Client backup type instead.

For Retrospect Virtual Host Server select the Backup scope and Region then click Test.

Click Authorize to start the authentication process.

Sign in to your Microsoft account.

If MFA is enforced, enter the code and click Verify.

NOTE: The verification code is only required if the MFA status of a Microsoft 365 account is enforced.

Copy the authorization code.

Go back to Retrospect Virtual Console and paste the authorization code. Click OK to proceed.

Test completed successfully will be displayed when the validation is successful. Click  to proceed.

1. Select the users and the data type for backup.

Retrospect Virtual Host Server

For Retrospect Virtual Host Server, the Backup Source window that will be displayed will depend on the backup scope selected. Either Entire organization or This Microsoft 365 user only.

If Entire organization is selected this will be the screen displayed.

To select specific users, click Select.

Users can be sorted alphabetically or by User Group.

Example of users sorted alphabetically.

Example of users sorted by User Group

List of users can be displayed in three ways.

Searching for a particular user is possible by entering the name or email address then click . A list of names and email addresses will be displayed containing the search criteria. Click Check All Current Items to select all listed users.

Select specific users by ticking the checkbox beside the user.

To display selected users only, select Selected only.

Click  once done with the selection.

Tick the Auto-exclude any unlicensed user during backup checkbox if you do not want to include unlicensed users in your backup.

An unlicensed user is depicted by this icon .

Select the data type that you want to be included in the backup. Select from Outlook, OneDrive, Personal Site and Teams Chat. Ticking the checkbox will backup all, i.e. ticking the Outlook checkbox will back up the mailboxes of the selected user(s). For Teams Chat, it is not necessary to select other user accounts involved in the chat to backup the conversation.

Select to backup Teams, SharePoint Sites and Public Folders.

To select a specific Group to backup in Teams, click Select.

Searching for a particular group is also possible, enter the group name in the Search Groups field and click . List of groups can also be displayed in three ways: Show all, Selected only and No longer available. Click  once done with the selection. Also select if Group Mail, Group Site and/or Teams Channel will be included in the backup.

Note: In order to backup shared attachments for certain Teams Channel posts, OneDrive and Group Site must be selected as source.

To select a specific Site to backup in SharePoint, click Select.

Searching and listing for Sites is the same process as discussed above.

To select a specific Public Foder, click Select.

Searching and listing for Public Folders is the same process as discussed above.

Overview of Microsoft 365 Backup Process

The following steps are performed during a backup job.

Periodic Data Integrity Check (PDIC) Process

The PDIC will run on the first backup job that falls on the corresponding day of the week from Monday to Friday.

To minimize the impact of the potential load of large number of PDIC jobs running at the same time on the Retrospect Virtual Console server, the schedule of a PDIC job for each backup set is automatically determined by the result of the following formula:

The calculated result will map to the corresponding day of the week (i.e., from Monday to Friday).

NOTE: The PDIC schedule cannot be changed.

Example:

Backup set ID: 1594627447932

Calculation: 1594627447932 mod 5 = *2*

In this example:

• the PDIC will run on the first backup job that falls on Wednesday; or
• if there is no active backup job(s) running from Monday to Friday, then the PDIC will run on the next available backup job.

NOTE

Although according to the PDIC formula for determining the schedule is %BackupSetID% mod 5, this schedule only applies if the previous PDIC job was actually run more than 7 days prior.

Under certain conditions, the PDIC may not run strictly according to this formula. For example:

If backup jobs for a backup set are not run on a regular daily backup schedule (for example: on a weekly or monthly schedule), then the PDIC job will run if it detects that the previous PDIC job was run more than 7 days ago.

Backup Set Index Handling Process

To minimize the possibility of index related issues affecting backups, each time index files are downloaded from and uploaded to backup destination(s); the file size, last modified date, and checksum is verified to ensure index file integrity.

Start Backup Job

See above.

Completed Backup Job

See above.

Data Validation Check Process

As an additional measure to ensure that all files transferred to the backup destination(s) are received and saved correctly, both the number of 32 or 64 MB data block files and the size of each block file are checked again after the files are transferred.

Running Backup Job

1. Log in to the User Web Console.
2. Click on the User icon.
3. Under the Backup Set > Manage Backup Set menu, you should see the backup set you have created.

1. Click the drop-down menu on the backup set that you would like to start a backup for. Select Backup and then click Run.

1. Check the Migrate Data and Retention Policy settings if necessary.

NOTE: Migrate Data will only be available if Deduplication is enabled for the backup set. Deduplication settings may be modified in Backup / Restore > User > Backup Set > %Backup Set Name% > Deduplication. When the Migrate Data option is enabled, the existing data will be migrated to the latest version during a backup job. Backup job(s) for backup sets with Migrate Data enabled may take longer to finish.

1. Click  to start the backup.
2. You will see the status showing Backup is Running when the backup is in progress.

1. If you want to monitor the backup status, you need to go to Live Activities to watch the progress.

Restoring Microsoft 365 Backup Set

1. Log in to the User Web Console.
2. Click on the User icon.
3. You should see the backup set you would like to restore under Backup Set > Manage Backup Set. Click on the drop-down menu on the backup set you would like to restore, then select Restore and click Run.

1. Choose data to be restored.

For Retrospect Virtual Host Server, select to restore from Users, Teams, SharePoint Sites or Public Folders.

NOTE: Choices for data to be restored will depend on the data that was backed up. Only one type of data can be restored at a time, e.g. if you choose to restore Users and Teams you can restore Users first then after the restore process, do the restore for Teams next.

From Users

Users can be sorted alphabetically or by User Group. There is also a search function if there are many Users listed. Click on the user that will be restored.

Here are sample screenshots for:

Retrospect Virtual Host Server

Select the item(s) you would like to restore. You can also choose to restore backed up file from a specific backup job of your choice using the drop-down menu at the top.

If the checkbox beside Outlook is ticked, then all the items under Outlook will be restored.

Items can also be filtered according to the received date. Set the From and To dates of the items then click Show.

Specific items can also be selected. There is a preview function that will let you see the content so you can check if you want to restore it.

To do this click . In the Preview Email window you can restore and download the email by clicking Quick Download then Continue.

After the download is complete, a zip file will be created that contains the file. Click Close once done.

You can also download just the attachment by clicking on the attachment itself.

Click Continue to proceed.

Click Close once done.

If the checkbox beside OneDrive is ticked, then all the items under OneDrive will be restored.

Specific items can also be selected. There is a download function that will let you download the item.

Click  to download the item. Click Continue to start the download and restore. After the download is complete, a zip file will be created that contains the file.

If the checkbox beside Personal Site is ticked, then all the items under Personal Site will be restored.

Specific items can also be selected. There is a preview function that will let you see the content so you can check if you want to restore it. For instructions on how to use the preview function please refer to the instructions discussed above.

If the checkbox beside Teams Chat is ticked, then all the items under Teams Chat will be restored.

Specific items can also be selected to be restored. There is a download function that will let you download the chat directly. Click the  link.

NOTE: Teams chat will not be restored to the original thread. Instead, it will only be restored as data export in HTML format stored in the local machine or OneDrive.

Click Continue to start the download and restore. Click Close once done.

Click  to proceed.

From Teams

Click on the Group that will be restored. There is also a search function if there are many Groups listed.

Select the item(s) you would like to restore. You can also choose to restore backed up file from a specific backup job of your choice using the drop-down menu at the top.

If the checkbox beside Group Mail is ticked, then all the items under Group Mail will be restored.

Specific items can also be selected. There is a preview function that will let you see the content so you can check if you want to restore it. For instructions on how to use the preview function please refer to the instructions discussed in the previous sub-chapter.

If the checkbox beside Group Site is ticked, then all the items under Group Site will be restored.

Specific items can also be selected. There is a preview function that will let you see the content so you can check if you want to restore it. For instructions on how to use the preview function please refer to the instructions discussed in the previous sub-chapter.

If the checkbox beside Teams Channel is ticked, then all the items under Teams Channel will be restored.

Specific items can also be selected to be restored. There is a download function that will let you download the item directly. For instructions on how to use the download function please refer to the instructions discussed above.

NOTE: Posts in Teams Channel will not be restored to the original thread. Instead, it will only be restored as data export in HTML format stored in the local machine or OneDrive.

From SharePoint Sites

Click on the Sites that will be restored. There is also a search function if there are many Sites listed.

Select the item(s) you would like to restore. You can also choose to restore backed up file from a specific backup job of your choice using the drop-down menu at the top.

There is a preview function that will let you see the content so you can check if you want to restore it. For instructions on how to use the preview function please refer to the instructions discussed in the previous sub-chapter.

From Public Folders

Click on the Public Folder that will be restored. There is also a search function if there are many Public Folders listed.

Here are sample screenshots for:

Retrospect Virtual Host Server

Select the item(s) you would like to restore. You can also choose to restore backed up file from a specific backup job of your choice using the drop-down menu at the top. There is a download function that will let you download the item.

• Select the location where the data will be restored.

The choices for the restore location that will be displayed depends on the data and restore method selected. There are two restore methods available: Restore items to Microsoft 365 and Save archive files to a destination.

Restore items to Microsoft 365# is selected, there are three options for the restore location:

• Original
• Alternate
• Alternate Microsoft 365 organization

Original

To restore to Original, select Original.

Click Show advanced option to configure other restore settings.

• Mode

There are two choices for the mode:

• Overwrite when exist: If the data that you will be restoring is already available in the Microsoft 365 account, then you have a choice to overwrite the existing data.
• Skip when exist: If the data you will be restoring is already available in the Microsoft 365 account, then you have a choice to skip and move to the next one
• Verify checksum of in-file delta files during restore: By enabling this option, the checksum of in-file delta files will be verified during the restore process. This will check the data for errors during the restore process and create a data summary of the in-file delta files which will be included in the report.

Click  to start the restoration.

Here are examples for the different data types:

Users

Teams

Sharepoint Sites

Public Folders

Alternate

To restore to alternate user/group/site/public folder, select Alternate.

To configure other restore settings please refer to the instructions discussed above.

Click  to proceed.

Select the alternate user/group/site then click  to start the restoration.

Here are examples for the different data types:

Users

Teams

SharePoint Sites

Public Folders

Alternate Microsoft 365 organization

To restore to an alternate Microsoft 365 organization, select Alternate Microsoft 365 organization. Then select the Region.

To configure other restore settings please refer to the instructions discussed above.

Click Test.

Click Authorize.

Login to your Microsoft 365 account then copy and paste the authorization code then click OK. Click  to proceed.

Select the alternate user/team/site/public folder then click  to start the restoration.

Here are examples for the different data types:

Users

Teams

SharePoint Sites

Public Folders

If Save archive files to a destination# is selected, there are three options for the restore location:

• Local
• OneDrive of Original Microsoft 365 organization
• OneDrive of Alternate Microsoft 365 organization

Local

Restore to Local is available for all data types. To restore to Local, select Local.

To configure other restore settings click Show advanced option.

Verify checksum of in-file delta files during restore

By enabling this option, the checksum of in-file delta files will be verified during the restore process. This will check the data for errors during the restore process and create a data summary of the in-file delta files which will be included in the report.

Click  to start the restoration.

OneDrive of Original Microsoft 365 organization

Restore to OneDrive of original Microsoft 365 organization is only available for the following data types: Users and Teams.

Select OneDrive of Original Microsoft 365 organization from the dropdown menu.

Users can be notified if an item is restored to their OneDrive. You can opt to send the notification message by email and/or to Teams Chat.

If you prefer to send the notification by email, provide the email address where it will be sent. You can provide several email address(es) by separating it with a comma.

Here is a sample of the email notification that will be sent.

To configure other restore settings please refer to the instructions above.

Click  to proceed.

Select the user. Then click  to start the restoration.

OneDrive of Alternate Microsoft 365 organization

Restore to OneDrive of alternate Microsoft 365 organization is only available for the following data types: Users and Teams.

Select OneDrive of Alternate Microsoft 365 organization from the dropdown menu.

Select the Region.

To configure notification settings please see instructions above.

Click Test.

Click Authorize.

Login to your Microsoft 365 account then copy and paste the authorization code then click OK.

Click  to proceed.

Select the user. Then click  to start the restoration.

Click  to go back to the Manage Backup Set screen and you will see the status showing Restore is Running when the restore is in progress. 

This step will only be displayed when Save archive files to a destination is selected as the restore method. Once restore is completed, click Download Now if you want to download the exported data. The data will be saved in a zip file.

Click Report if you want to view the report, the report will be generated in pdf format.

Otherwise click Cancel, To stop the restore job and delete temporary restored data, click Terminate and Delete. By doing so the restore will not finish.

Another way to monitor the restore status is from the Live Activities.

Running a Data Integrity Check

This option allows the Retrospect Virtual Host Server users to perform data integrity check, but the report of the result cannot be reviewed.

1. Log in to the User Web Console.
2. Click on the User icon.
3. Select Backup Set from the left panel, then select Data Integrity Check under the Execute Job drop-down menu. Click Run to proceed.

Run Cyclic Redundancy Check (CRC)

This option is disabled by default. When this option is enabled, the Data Integrity Check will perform check on the integrity of the files on the backup destination(s) against the checksum file generated at the time of the backup job.

If there is a discrepancy, this indicates that the files on the backup destination(s) are corrupted. These corrupted files will be removed from the backup destination(s). If these files still exist on the backup server on the next backup job, the Retrospect Virtual Console will upload the latest copy.

However, if the corrupted files are in the retention area, they will not be backed up again as the source file has already been deleted from the backup server.

Rebuild index

This option is disabled by default. When this option is enabled, the data integrity check will start rebuilding corrupted index and/or broken data blocks if there are any.

Click the  icon to begin the data integrity check process.

During a backup job, a Periodic Data Integrity Check (PDIC) will be performed as part of the backup process. This feature provides an additional regular data integrity check of the backup data.

Deleting Backup Data

1. Log in to the User Web Console.
2. Click on the User icon.
3. Select Backup Set from the left panel, then select Delete Backup Data under the Execute Job drop-down menu. Click Run to proceed.

Click the Confirm button to delete all files. Otherwise, click the Cancel button.

NOTE: Delete backup data action is not reversible. It will physically delete the selected backup data regardless of the defined retention policy settings. Therefore, make sure to select the correct backup data to be deleted before you proceed.

Appendix

Appendix A: Example Scenarios for Microsoft 365 License Requirement and Usage

Scenario No. 1: Backing up Microsoft 365 user account in multiple backup sets.

The required Microsoft 365 licenses are calculated by the number of Microsoft 365 user accounts that you want to backup.

Example No. 1: To back up one (1) Microsoft 365 user account on multiple backup sets, only one (1) Microsoft 365 license is needed.

Example No. 2: To back up two (2) Microsoft 365 user accounts on multiple backup sets, two (2) Microsoft 365 licenses are needed.

Example No. 3: To back up three (3) Microsoft 365 user accounts on multiple backup sets, three (3) Microsoft 365 licenses are needed.

Scenario No. 2: Backing up SharePoint Sites (not Personal Sites) under Site collections in multiple backup sets.

The required Microsoft 365 license is zero, but a minimum of one (1) Microsoft 365 add-on module license is needed to start the backup.

Example No. 1: To back up one (1) SharePoint site under Site Collection, one (1) Microsoft 365 license is needed.

Example No. 2: To back up any number of SharePoint sites under Site Collection, one (1) Microsoft 365 license is needed.

Scenario No. 3: Backing up files and/or folders under Public Folder in multiple backup sets.

The required Microsoft 365 license is zero, but a minimum of one (1) Microsoft 365 add-on module license is needed to start the backup.

Example No. 1: To back up files and/or folders under Public Folder, one (1) Microsoft 365 license is needed.

Scenario No. 4: Backing up Microsoft 365 User Accounts, files and/or folders under Public Folder, and SharePoint sites under Site Collections in multiple backup sets.

The required Microsoft 365 license will depend on the number of unique Microsoft 365 accounts.

Example No. 1: To back up three (3) Microsoft 365 user account, files and/or folders under Public Folder, and SharePoint sites under Site Collections on multiple backup sets, three (3) Microsoft 365 licenses are needed.

Scenario No. 5: Backing up Microsoft 365 User Accounts and Share Mailbox Accounts.

The required Microsoft 365 license will depend on the number of unique Microsoft 365 accounts.

Example No. 1: To back up three (3) Microsoft 365 user account and three (3) Shared mailbox accounts, six (6) Microsoft 365 licenses are needed.

Microsoft 365 license usage in backup

The number of Microsoft 365 licenses used in a backup can be checked from the backup log. The logs will first display the number of licenses that can be used which is labeled as “Quota (E-mail Account)”. Then it will display the actual number of licenses used “Quota (E-mail account) used in this backup set”. Lastly, it will list the e-mail accounts that was used.

Here is a sample of how it is listed in the log:

Run on Server backup log can be found in the path:

%User Home%\%backup username%\db\ClientLogs\Retrospect Virtual Console\log\%backupset ID% \Backup

.

Appendix B: Example for backup of large numbers of Microsoft 365 users

Example: 10,000 Microsoft 365 users needed to be backup. Since the maximum number of Microsoft 365 users per backup set is 2,000, there are 2 options available. There are further options, but this will involve a large number of backup sets and maintenance of these backup sets will not be practical.

• Option 1 - 5 Backup Sets, each has 2,000 Microsoft 365 Users
• Option 2 - 10 Backup Sets, each has 1,000 Microsoft 365 Users

Option 1 – 5 Backup Sets, each has 2,000 Microsoft 365 Users

Option 2 – 10 Backup Sets, each has 1,000 Microsoft 365 Users

If Option 2 was selected, for the last backup set, Backup -Set-10, follow the instructions on how to select the Microsoft 365 users. Doing these steps will ensure that additional Microsoft 365 users will be automatically included in the backup set.

• On the backup source, tick the checkbox for the root selection. This will select all the Microsoft 365 users.

Deselect the first 9,000 Microsoft 365 users.

Appendix C: Setting Multi-Factor Authentication (MFA) in Microsoft 365 Admin Center

What is a Multi-Factor Authentication (MFA)? It is an authentication method wherein a user will be granted an access only after successfully presenting two or more evidence or proof of personal information or identification. It also adds a second layer of security to users upon logging in.

To enable MFA of any Microsoft 365 user accounts, follow the steps below:

• Login using a Microsoft 365 Administrator credentials.

• Click the Admin Center icon.

• Go to Users and select the Active users from the list.

• In the Active user’s screen, click the […] ellipses, then click Multi-factor authentication.

• The multi-factor authentication screen will be displayed.

• You can search and select one or more Microsoft 365 user accounts. There is also a drop-down list available for multi-factor authentication status namely, Disabled, Enabled, and Enforced.

• Disabled – This status refers to the users who are not yet enrolled in the MFA. This is the default status.
• Enabled – This status refers to the users who are enrolled in the MFA, but changes have not yet taken effect.
• Enforced – This status refers to the users who are enrolled in the MFA has completed the registration process.
• Upon selecting a user, on the right side of the screen it will show you a link to enable the MFA. Click the Enable link to proceed.

• A warning message will be displayed. Click the enable multi-factor auth button to proceed. Otherwise, click the cancel button to abort.

• If you select enable multi-factor auth, the screen below shows the successful enabling of MFA for the Microsoft 365 user account that you selected.

• To finish the setup for the MFA, login using the MFA enabled Microsoft 365 user account.

• Upon logging in, there will be a message that will require you to provide more information to keep your account safe. Click Next to proceed.

• The Additional security verification screen will be displayed. Select one (1) option you want for the security of your account. You can choose from the three (3) options, Authentication phone, Office phone, and Mobile app.

• Authentication phone
  • Enter valid mobile number.
  • Select a method
    • Send me a code by text message
    • Call me

• Office phone – This option is disabled. Please ask your administrator if you need to update your office phone number.

• Mobile app
  • Select which option you like upon using the mobile app
    • Receive notifications for verification
    • Use verification code
• If you have selected the first option which is the Authentication phone with a method of Send me a code by text, you will receive a text message containing the verification code. Ensure that you have indicated a valid mobile number.

• To verify if it’s working, login using the MFA enabled Microsoft 365 user account.

• Upon logging in, there will be a message that will require you to provide the code that have been sent to your personal mobile number. Click Verify to proceed.

• After the verification process, the screen will be automatically redirected to the Microsoft 365 Main screen.

Appendix D: Example Scenario for Backup Set Maintenance

Scenario: Microsoft 365 user account does not exist warning message

This is the sample warning message if the user does not exist. If a user is removed from the domain and the Admin did not manually unselected the user from the backup source, then during backup job there will be a warning that the user does not exist. The warning will appear on the backup log.

Backup job is completed with warning(s). Check the backup report for the warning message.

Backup report contains a warning message.

Appendix E: Example Scenario for Data Synchronization Check (DSC) with sample backup reports

Selection of all folders vs selective folders

All folders selection

Selecting all folders automatically selects all the files and/or folders under Outlook, OneDrive and Personal Site of the selected Microsoft 365 user account. And all the files and/or folders under Teams, SharePoint Sites and Public Folders of the Microsoft 365 organization for Retrospect Virtual Host Server.

DSC is not required when all the folders are selected for back up. As during a backup job any deleted files in the backup source will be automatically moved to retention area.

Below are the sample screenshot of the backup source with all folders selected.

Retrospect Virtual Host Server

Selective folders

When not all folders are selected for backup and folders are subsequently un-selected from the backup source. The backup job will not pick up the changes of the de-selected folders, they will not be moved to the Retention Area but remain in the Data Area. In the long run this could result in a build-up of data in the backup destination.

DSC is highly recommended to synchronize de-selected folders in the backup source with the backup destination. This will ensure that there will be no data build up on the backup destination.

Below is the sample screenshot of the backup source with selective folders.

Retrospect Virtual Host Server

Backup Report

On the sample backup report, it shows the countdown until the next DSC which is in sixty (60) days.

Backup Report

On the sample backup report, it shows the countdown is done and DSC is running.

Backup Report

On the sample backup report, it shows that DSC is disabled.

Backup Report

Appendix F: How to view Item count and Storage used in Microsoft 365 Admin Center

To view the item count and storage size of Microsoft 365 user account based on the usage for Exchange (Outlook), OneDrive, and SharePoint, follow the instructions below:

• Login to the Microsoft 365 (https://login.microsoft.com).
• Go to Microsoft 365 admin center.

• On the Microsoft 365 admin center, click Show all then click the dropdown arrow for the Reports and select Usage.
• On the Usage screen, scroll down and click the View more button of the usage report that you want to view.

• For Exchange, click the View More button under Email activity, then go to Mailbox usage.

Highlighted columns are, Item count and Storage used (MB).

• Item count – number of mailbox items in Outlook per Microsoft 365 user account
• Storage used (MB) – storage used in MB size per Microsoft 365 user account

• For OneDrive, click the View More button under OneDrive files.

Highlighted columns are, Files and Storage used (MB).

• Files – number of files in OneDrive per Microsoft 365 user account
• Storage used (MB) – storage used in MB size per Microsoft 365 user account

• For SharePoint, click the View More button under SharePoint files then go to Site usage.

Highlighted columns are, Files and Storage used (MB).

• Files – number of files in SharePoint per Microsoft 365 user account
• Storage used (MB) – storage used in MB size per Microsoft 365 user account

Appendix G: Re-Authentication of Microsoft 365 Backup Set

After upgrading to Retrospect Virtual Console v9 or above, Microsoft 365 backup settings of existing backup sets must be updated. This will ensure that moving forward there will be no backup and restore issues to be encountered once Microsoft implements its product roadmap for Modern Authentication. This only needs to be done once per backup set.

To update the backup settings, follow the instructions below:

1. Log out all Microsoft 365 account on the default browser before starting the update of backup set.
2. Log in to the User Web Console.
3. Click the User icon on the User Web Console landing page.
4. On the Backup Set menu, click the backup set that you want to update.

1. If the backup set is using Basic Authentication, this pop up message will be displayed. Click Continue.

1. If the backup set is using Modern or Hybrid Authentication, click Change settings.

1. Click  to proceed with the authentication process.

1. Click I understand the limitation and confirm to proceed.

1. Click Authorize to proceed with the authentication.

1. Sign in to your Microsoft 365 account.

1. If MFA is enforced, select from Text or Call to verify your identity.
2. Otherwise proceed to the next step.

1. If Text is selected, enter the verification code sent to your mobile device and click Verify.

1. If Call is selected, answer the call and follow the instructions given to verify the account.

NOTE: The verification code will only be required if the MFA status of a Microsoft 365 account is enforced.

1. Copy the Authorization code.

1. Go back to Retrospect Virtual Console and paste the code. Then click OK.

1. Click Save to finish the update.