Great thing about this guide is that it’s really a “live document”, which covers design, configuration and operations for VBO and it will be updated regularly, so make sure to bookmark it and check it from time to time!
Are you backing up your Office 365? And… why not? 🙂
I’m not going into the lengthy and exhausting discussion of why you should take care of your data, even if it’s stored in something unbreakable like “the cloud”, at least not in this post. I would like to focus on one of the features of the new Veeam Backup for Office 365 v4, which was released just the other day. This feature is “object storage support“, as you may have guessed it already from the title of this fine post!
added a new Office 365 organization with AAD app and Global Admin account credentials (docs)
created a backup job for this Office 365 organization
started backing it all up
Now, a few tips on the “configuration part”:
no real prerequisites and tips here – simple Windows VM, on which I’m installing the downloaded software (there is a list of system requirements if want to make sure it’s all “by the book”)
creating the Exoscale SOS bucket is relatively easy, once you have your account (you can request a trial here) – you choose the bucket name and zone in which data will be stored and… voilà:
if you need to make adjustments to the ACL of the bucket, you can (quick ACL with private setting is just fine for this one):
to access your bucket from Veeam, you’ll need your API keys, which you can find in the Account – Profile – API keys section:
one other thing you’ll need from this section is the Storage API Endpoint, which depends on the zone you’ve created your bucket in (mine was created inside AT-VIE-1 zone, so my endpoint is https://sos-at-vie-1.exo.io):
note: I’m using the Modern authentication option because of MFA on my tenant and… it’s the right way to do it!
for this, I created a custom application in Azure Active Directory (AAD) (under App registrations – New registration) (take a note of the Application (client) ID, as you will need it when configuring Veeam):
I’ve added a secret (which you should also take a note of, because you’ll need it later) to this app:
then, I’ve added the minimal requiredAPI permissions to this app (as per the official docs) – but note that the official docs have an error (at this time), which I reported to Veeam – you’ll need the SharePoint Online API access permissions even if you don’t use the certificate based authentication(!) – so, the permissions which work for me are:
UPDATE: Got back the word from Veeam development – additional SharePoint permissions may not be necessary after all, maybe I needed to wait a bit longer… will retry next time without those permissions. 🙂
after that, I’ve enabled the “legacy authentication protocols”, which is still a requirement (you can do it in Office 365 admin center – SharePoint admin center – Access Control – Apps that don’t use modern authentication – Allow access or via PowerShell command “Set-SPOTenant -LegacyAuthProtocolsEnabled $True”):
lastly, I’ve created an app password for my (global admin) account (which will also be required for Veeam configuration):
Veeam Backup for Office 365:
add a new Object Storage Repository:
add a new Backup Repository (connected to the created Object Storage Repository; this local repository will only store metadata – backup data will be offloaded to the object storage and can be encrypted, if needed):
add a new Office 365 organization:
create a backup job:
start backing up your Office 365 data:
Any questions/difficulties with your setup?
Leave them in the comments section, I’ll be happy to help (if I can).
The other day I was “playing” with setting up Office 365 for one of our clients – they have Linux machines for their DNS servers, and BIND as their DNS solution. As this was my first encounter with configuring BIND by myself, I just wanted to share steps I’ve taken to make it work (in my lab environment) – maybe it will help someone…
DISCLAIMER: I’m not a Linux/UNIX expert! I try to figure out what I need, and then try to make this work… with the help of Internet resources (or experts), of course. There is plenty of resources on how to do this already, but I like to have things in one place if I need them again.
So, I’ve began my experiment with wondering which Linux distribution should I take. After some consulting (thanks, Ingrid ), the final choice was pretty easy – Fedora(criteria – had to be relatively easy to use (for non-Linux person like me), had to work in Hyper-V without much trouble, and there should be someone who can help if I got stuck).
After a pretty simple installation process (wizard, Next, …, Next, Finish), I’ve had my Fedora box up and running.
Now, the more complicated part – setup this box to be BIND server, and load the correct records in it, so that Office 365 can add and verify my domain.
Here are the high-level steps (I’ve used Terminal, with su rights):
1. install few packages to get things up and running:
yum-yinstall bind bind-utils bind-libs nano
2. configure the BIND (DNS) server to run at startup:
chkconfig named on
3. query the firewall rules for UDP port 53 access: