Organizations flocking to Microsoft 365 services like Exchange Online, SharePoint Online and Teams have many reasons to make this transition.
Reasons to transition to the Microsoft cloud
Whether it’s upgrading the IT real estate to the 21st century, the desire to eliminate technical debt, avoiding the upfront cost of a renewed on-premises implementation, or simply the latest spur of out of band hotfixes for products like Windows Server and Exchange Server… the answers these days all point to the cloud. When moving to the cloud, is there a better way than using the services of the vendor who you’re already familiar with? Now you understand why Microsoft 365 is the choice of many organizations.
Begin with the end in mind
One of Stephen Covey’s seven habits of highly effective people is to begin with the end in mind. Mister Covey isn’t an IT genius and expressed the end in mind principle as thinking before acting. As an IT Pro with dozens of 100+ page designs under my belt, I’ve come to appreciate another interpretation of this principle: Start with an exit scenario, before anything else. This philosophy has already gathered a lot of Dutch government organizations behind the idea of introducing Microsoft 365 services to extend and embrace their on-premises infrastructures.
Sudden vs. predictable exit scenarios
Exit scenarios should be part of data privacy impact analyses. These documents should cover the need to suddenly and unexpectedly execute exit scenarios due to breaches at Microsoft or its 50 subcontractors, regulatory changes between our and Microsoft’s jurisdictions, a hostile take-over of Microsoft 365, Microsoft signing over its intellectual property or even Microsoft going out of business. Additionally, the exit scenarios include situations in which Microsoft 365 services simply are no longer cost-effective or aren’t offering the levels of availability, performance and/or trust as perceived during the initial use period.
Ownership of data during exit
In all of these exit scenarios, the continued ownership of the data that the organization stores in Microsoft 365 services is a cause for concern. From a practicality point of view, the following questions are commonly asked:
- How does an organization get hold of its data?
- How can the organization handle the data? What 3rd party tools may be necessary?
- Where can the organization restore the data to or reuse the data?
- How can the organization resume business with the restored data?
This is usually the time to talk about backup of data in Microsoft 365 to a location that is not impacted by the recognized exit scenarios. Yes, usually this means erecting a system on-premises to make backups of data in cloud services to reuse hardware and storage that sits idle after moving mailboxes, files and folders to Microsoft 365.
These discussions on continuity at the beginning of deployment projects build trust. These discussions also reinforce the business case of transitioning to the cloud beyond the initial reasons found in the first paragraph of this blogpost.
Backup and restore of Microsoft 365 data
There are many vendors offering backup of Microsoft 365 data. I have two favorite solutions with two distinctly different approaches:
Veeam Backup for Microsoft Office 365
For organizations who want to setup a system under their own control, Veeam's Backup for Microsoft Office 365 product offers everything they need.
It offers backups of Exchange Online, SharePoint Online, OneDrive for Business and Teams.
More importantly, it allows to restore into the same cloud services, but also to on-premises Exchange Servers and SharePoint Servers. Setting up a new Exchange or SharePoint infrastructure on-premises to restore data to, without the need for additional tools, sounds like the ultimate exit scenario… at least while Microsoft still offers these on-premises products.
Veeam Backup for Microsoft Office 365 is the perfect solutions for organizations that don’t necessarily need to go all cloud and organizations that need their data asap to resume business.
Altaro Office 365 Backup
Altaro's Office 365 Backup service is a fully-managed service for Microsoft Office 365 data backup.
It offers backups of Exchange Online, SharePoint Online and OneDrive for Business. There’s only a handful of settings that organizations need to configure. Altaro takes care of everything else, scales Azure storage to meet your backup needs and has packaged everything in a subscription with one all-inclusive fee.
Altaro Office 365 Backup is the perfect solution for organizations that want to go all-in with cloud services and don’t bet on Microsoft losing its cool. As the solution leverages Azure storage, organizations continue on the Microsoft path that they have traveled on so far already.
Restore possibilities by Altaro offers the ability to restore to the same mailbox, onedrive location and site, but also include *.zip and *.pst files, so for predictable exits everything is available. Getting the data might take some time as it needs to be downloaded and/or transferred from Altaro’s service to the organization’s cloud service and/or its on-premises systems.
Backup and restore of Azure AD objects
Both solutions, however, lack the ability to backup and restore objects and their attributes in Azure AD. Azure AD serves as the common authentication and authorization platform for all Microsoft 365 services. Most organizations will tell you that they only synchronize objects from Active Directory to Azure AD. Their conclusion is that they don’t need to backup Azure AD.
In terms of exit scenarios, it’s not a terribly big deal to not backup objects and their attributes in Azure AD. Indeed, user objects and groups are synchronized and can be used to provision another cloud identity platform if need be. Multi-factor authentication settings and license assignments also don’t play a role in exit scenarios as these are platform-specific.
However, backing up and restoring guest users and their access to shared files and folders may prove to be critical. Without the ability to restore all of Azure AD’s authentication and authorization mechanisms, all access control entries (ACEs) will need to be reprovisioned for restored data. In a world where people in different organizations don’t meet physically, this might be equivalent to cutting the umbilical cord of your organization’s revenue stream.
Talking about backup before entrusting even the first byte of data to a cloud service seems counterintuitive, but it has proven to be a good approach for me and my customers. Getting things clear beforehand makes all the difference when the cloud licensing agreement goes sour and you want to step out of it.
For this year's World Backup Day, I decided to look at backups of Microsoft 365 data from a different perspective.
A webcast with Redmond Magazine on typical Disaster Recovery gaps in Hybrid Active Directory environments
A webinar on Picking the Right Backup and Restore Solution for your Active Directory Domain Services needs