WIXLIB

Veeam Backup for Microsoft Office 365 Installation and Configuration#Gets your Office 365 Admin Credentials for authentication credential Get-Credential#Connects to the MSOnline Service with the credentials providedConnect-MsolService -Credential credential#Imports the AzureAD Module which provides the MSOnline Module# d/v2/azureactivedirectoryImport-Module AzureAD#Imports the MSOnline PowerShell ModuleImport-Module MSOnline#Imports the Exchange Online PowerShell cmdlets into the PowerShell session exchangeSession New-PSSession -ConfigurationName Microsoft.Exchange-ConnectionUri /” -Credential credential -Authentication “Basic” -AllowRedirectionImport-PSSession exchangeSession -DisableNameChecking -AllowClobber#SVCAccount First NameWrite-Host -ForegroundColor Yellow ‘Enter your Service Account First Name’ FirstName Read-Host#SVCAccount Last NameWrite-Host -ForegroundColor Yellow ‘Enter Your Service Account Last Name’ LastName Read-Host#SVCAccount Account in Proper EMail FormWrite-Host -ForegroundColor Yellow ‘Enter your Service Account UPN - ex - Veeam@Veeam.com Format please’ UPN Read-Host DisplayName FirstName “ “ LastName#Super Secret Password shhhhhh.Write-Host -ForegroundColor Yellow ‘Enter your Service Account Password’ Password Read-Host#Creates the New user and applies an O365 LicenseNew-MsolUser -DisplayName DisplayName -FirstName FirstName -LastName LastName -UserPrincipalName UPN -Password Password � -UsageLocation US -UserType Member-ForceChangePassword false#Creates the new role group with the proper VBO365 PermissionsNew-RoleGroup -Name DisplayName -DisplayName DisplayName -Roles“ApplicationImpersonation”, “View-Only Recipients”, “View-Only Configuration”, “RoleManagement”#Adds the user to the role groupAdd-RoleGroupMember DisplayName -Member UPNExample 1: PowerShell to automate the creation of your VBO365 service account. 2017 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.6

Veeam Backup for Microsoft Office 365 Installation and ConfigurationLicensingVBO365 is licensed the way Microsoft licenses Office 365. The product is simply licensed on the actual amount of MicrosoftOffice 365 end-user mailboxes that you require protecting. An end-user mailbox is defined as either a personal mailbox,an Online Archive OR both. Just as Microsoft does not charge its Office 365 customers for shared or resource mailboxes –these shared or resource mailboxes can be protected with VBO365 without needing to be licensed.In summary, VBO365 subscriptions are available for purchase based on the amount of end-user mailboxes that will beprotected. These subscriptions are available in either one- or three-year annual subscriptions.InstallationVBO365 is available as a standalone installation that will be installed on either a virtual or physical instance of WindowsServer 2008 R2 SP1 or greater.Figure 3To download the latest version, visit the VBO365 product page 65.htmlWithin the downloaded .zip package are two different executable files: VeeamBackupOffice365 VERSION-NUMBER.msi VBO365 Application and UI VeeamExplorerForExchange VERSION-NUMBER.msi Veeam Explorer for Exchange (VEX) 2017 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.7

Veeam Backup for Microsoft Office 365 Installation and ConfigurationInstalling Veeam Backup for Microsoft Office 365VBO365 can be deployed and implemented in a few different scenarios. With an environment where Veeam Backup &Replication 9.5 AND VBO365 will be installed on the same Windows Server, only VeeamBackupOffice365 VERSIONNUMBER.msi needs to be installed. This scenario is not recommended for production usage. In this scenario, the VeeamExplorer for Microsoft Exchange bits are already present. The preferred deployment method will install VBO365 on itsown dedicated server where both components would need to be installed.Note! Visit the Veeam Help Center for a detailed list of 65/guide/vbo systemreqs.html?ver 10Installing both applications is simple regardless of the deployment scenario that fits your environment best. It is recommendedto deploy VBO365 within a virtual machine as this deployment method gives the best and most flexible restore options availablewhen integrated with Veeam Backup & Replication’s application-aware image processing engine.Veeam Backup & Replication allows the quick and easy recovery of VMs via several different restore types. A few of theserestore types are: Instant VM Recovery Entire VM Restore Individual VM file restore Virtual Disks restore Guest OS File Recovery Restoring Application ItemsNote! Exploring backup archives using Veeam Explorer will be covered in a subsequent chapter.Once the product is successfully installed browse to the desktop and locate the VBO365 icon – the first time the product islaunched the license key must be provided — browse out to the appropriate location and apply the corresponding license key.Figure 4: Applying the corresponding license file to VBO365. 2017 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.8

Veeam Backup for Microsoft Office 365 Installation and ConfigurationInstalling Veeam Explorer for ExchangeVeeam Explorer will be installed after the successful installation of VBO365, via VeeamExplorerForExchangeVERSION-NUMBER.msi within environments where VBO365was installed without the presence of Veeam Backup & Replication.Figure 5: Veeam Explorer installation wizard in environments without Veeam Backup & Replication.Congratulations! With these steps completed VBO365 is now ready to complete its initial configurationand then it’s very first backup!ConfigurationThe VBO365 user experience is quite simple, the ribbon bar along the top contains the common tasks like adding anOffice 365 Organization, starting and stopping jobs, enabling or disabling jobs, editing a job, deleting a job or restoringmail items. Before an Office 365 Organization is added to the VBO365 console the repository location would need to beconfirmed, retention policy and folder exclusions defined and mail notifications configured. These tasks are achievedby viewing the Options menu. All the settings within the Options menu are global and will be applied to all the jobsthroughout the organization(s) that are added to VBO365. 2017 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.9

Veeam Backup for Microsoft Office 365 Installation and ConfigurationFigure 6: VBO365 Configuration menu within the UI.Pro Tip! If VBO365 backup jobs exist, these jobs need to be DISABLED to change the global options.Changing the repository locationWithin the Options menu, the ability to alter the repository location as well as define the retentionand setup of the folder exclusions is available. VBO365 will protect Office 365 email data to storage devices thatare locally accessible via DAS, USB/eSATA or to a SAN device via either iSCSI or Fibre Channel. Veeam recommendsformatting these Windows-based disks with either NTFS or ReFS and NOT FAT32 due to space limitations. Alternatively,VBO365 supports storage shares that are reachable via SMB 3.0. The example below illustrates a Windows Server 2016STD operating system with an E:\ that has been formatted with the Resilient File System (ReFS). By default, VBO365archives are stored within C:\VeeamRepository — the example below utilizes the ReFS volume — E:\VeeamRepository. 2017 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.10

Veeam Backup for Microsoft Office 365 Installation and ConfigurationFigure 7: Configuring ReFS repository for VBO365 on Windows Server 2016.Users of VBO365 might be familiar with how Veeam Backup & Replication stores restore points — VBK, VIB, VRB, etc.These are self-contained restore points of the systems protected. VBO365 stores its archives within the native MicrosoftJet Database Engine format, JET Blue.Figure 8: VBO365 backup archives are stored in the native Microsoft Jet Database Engine format, JET Blue.Since these archives are stored within an active database, JET Blue, when the archives are stored toa deduplication (DataDomain, ExaGrid, StorSimple, StoreOnce, etc.) appliance — zero data reduction will be achieved.Storing your VBO365 archives to one of these appliances would only be possible if the device supports SMB 3.0 or theability to attach as a remote device and format via Windows directly.Testing tip! Present storage to vSphere as an NFS repository. Create a VMDK on the NFS datastore. Attach VMDK toWindows Server and format! 2017 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.11

Veeam Backup for Microsoft Office 365 Installation and ConfigurationRetention policyWithin the options menu users can customize their global repository retention settings to match their business’ requirements.The Retain backups for setting defines the retention settings for all VBO365 backup jobs. The retention ranges from one year allthe way up to 25 years and even forever. By default, VBO365 will keep archives on disk for three years. For example, if mail datawithin Exchange Online is five years old and the retention for VBO365 is set at the default three years, the items that are greaterthan three years old will NOT be protected. The mail archives kept on the repository will be obtained for three years as well.Users can also define how frequently the retention settings are applied. For an item that expires the retention of the itemwill be removed based on the frequency set here. Users can specify either daily, weekly or monthly.Note! All the settings within the Options menu are global! To change these settings the existing jobs must be in the disabled state.Set up email notificationsHaving the peace of mind in knowing that your Office 365 mail data is being protected successfullyis an additional piece of the risk mitigation that environments require. VBO365 will notify selected users about thesuccess, warning or failure of backup jobs.Figure 9: Configuring email notifications that will be sent upon job success, warnings or failures. 2017 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.12

Veeam Backup for Microsoft Office 365 Installation and ConfigurationAdding a Microsoft Office 365 organizationPreviously within the requirements section of this paper the permissions required for VBO365 to connect to Office 365were explained. This service account with the Management role, View-Only Configuration role, View-Only Recipientsrole and Application Impersonation enabled will be utilized to connect to Office 365 and perform backups.Figure 10: Adding an Office 365 Organization to VBO365.Within the Add Organization wizard supply the service account credentials to connect to your Office 365 Organization.Figure 11: Supply the service account credentials as well as grant the impersonation role to the service account.VBO365 can automatically grant the impersonation role to the service account if this was erroneously missed wheneverthe service account was created. The impersonation role will allow this service account to act on behalf of users whenrestore activities are initiated. This will allow mail items to be restored directly back to individual user mailboxes. 2017 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.13

Veeam Backup for Microsoft Office 365 Installation and ConfigurationUpon successful connection to your Office 365 Organization, backup jobs will be able to be created as well as thesubsequent restore activities.Figure 12: VBO365 will verify the connection and organization settings and validatethe service account has the correct Office 365 permissions.Create your first backup!VBO365 connects to an Office 365 Organization to provide protection and Availability of your Exchange Online mailboxitems to an offline repository allowing IT the ability to browse, search and restore these items. The granular restoreoptions are made available via the backup jobs created. Backup jobs can be defined to cover and protect an entire Office365 Organization or defined at an individual mailbox level.Creating a backup job within VBO365 is achieved by clicking the Backup option within the ribbon bar inside the UI. Thefirst time a backup job is executed the backup will contain all the items present within the mailbox if the items apply tothe retention range at that given moment. For example, if the retention policy definition is set for three years, all itemsthat are less than three years old will be protected. The items that are greater than three years will be skipped. In largesized environments, this initial backup could take a substantial amount of time dependent upon the amount of data aswell as the speed of the WAN in which the data must traverse. Microsoft does employ throttling upon Office 365 andthis would be apparent in high speed connections. To have these settings altered for an Office 365 Organization anadministrator would open a support case.Figure 13: Creating a VBO365 backup job to protect Office 365 email data. 2017 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.14

Veeam Backup for Microsoft Office 365 Installation and ConfigurationIf an administrator is interested in the amount of Exchange Online data within Office 365 this sample PowerShell can berun to return the results in .CSV #################### Getting the size of your Office 365 Mail Environment ############## THE FOLLOWING SCRIPT IS TO BE UTILIZED AS AN EXAMPLE AND NO WARRANTIES ORSUPPORT ARE PROVIDED# RUN PowerShell ISE as Administrator#Gets your Office 365 Admin Credentials for authentication credential Get-Credential#Connects to the MSOnline Service with the credentials providedConnect-MsolService -Credential credential#Imports the AzureAD Module which provides the MSOnline Module# d/v2/azureactivedirectoryImport-Module AzureAD#Imports the MSOnline PowerShell ModuleImport-Module MSOnline#Imports the Exchange Online PowerShell cmdlets into the PowerShell session exchangeSession New-PSSession -ConfigurationName Microsoft.Exchange-ConnectionUri /” -Credential credential -Authentication “Basic” -AllowRedirectionImport-PSSession exchangeSession -DisableNameChecking -AllowClobber#Gets a list of all mailboxes as well as formats in Table Format and places in.CSV for offline examiniation Output Get-Mailbox Get-MailboxStatistics nt,totalitemsize Output FT Output Export-Csv -Path C:\VeeamBackup\Report.csvExample 2 2017 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.15

Veeam Backup for Microsoft Office 365 Installation and ConfigurationThe New Backup Job wizard provides the ability to backup all mailboxes within the Office 365 Organization oralternatively an administrator can selectively pick and choose which mailboxes to protect within each job that is beingcreated. As you select end-user mailboxes these will be counted against your available license count. VBO365 also keepstrack of mailboxes that were previously protected via managed mailboxes. Managed mailboxes are defined as mailboxeswith at least one single restore point created in the last 31 days. If a mailbox is not protected after the 31 days, the licensewill be revoked and made available for usage.Figure 14: VBO365 provides the ability to protect an entire Office 365 Organization or individual mailboxes.Recovery Point Objectives (RPO) define how frequently something is protected. The last step within the New BackupJob wizard is to define the RPO or schedule that the previously selected mailboxes will be protected. This data is thenstored within the repository on the VBO365 server or SMB 3.0 share.Figure 15: Set and define the schedule and frequency at which the job will protect the Office 365 mailboxes. 2017 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.16

Veeam Backup for Microsoft Office 365 Installation and ConfigurationIf configured and enabled, VBO365 will email job notifications based upon the settings defined within the Options menu.Figure 16: Sample email notification report based upon an Organizational backup.If email notifications are not configured administrators can view detailed job history reports natively within the VBO365 console.Figure 17: Detailed job session history view within VBO365 UI.Retrieving detailed job information is an easy task to achieve regardless of whether the requirementis email notifications or if troubleshooting within the VBO365 UI is desired. 2017 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.17

Veeam Backup for Microsoft Office 365 Installation and ConfigurationConclusionMore and more organizations of all shapes and sizes are continuing to adopt SaaS providers for many of their missioncritical applications and services allowing the focus to remain on meeting the demands of the Always-On Enterprise. VeeamBackup for Microsof

Veeam Explorer will be installed after the successful installation of VBO365, via . VeeamExplorerForExchange_ VERSION-NUMBER .msi. within environments where VBO365 was installed without the presence of Veeam Backup & Replication . Figure 5: Veeam Explorer installation wizard in environments without Veeam Backup & Replication.