Altaro Office 365 Backup: SMB’s one-stop solution for Office 365 data protection

Reading Time: 6 minutes

Altaro Office 365 Backup

When your organization leverages Microsoft Cloud services, it should have some idea on how to cope with the inevitable. You should make backups to elevate beyond the mere replicas Microsoft makes of your data… and then test these backups to make sure you can restore the backed up information.

This should not be new to you. Ownership of your data is part of the shared responsibilities model and flows from the product terms.

The problem

As with every data protection solution, the solution needs to be in place before the service, system or application that processes data is rolled out within the organization. Oftentimes it is not, causing serious headaches: organizations are losing chats in Microsoft Teams due to configuration errors or are providing false access to other people’s mailboxes due to incorrect hybrid identity matching.

An ecosystem of solutions

What is relatively new is the ecosystem surrounding the capability of creating backups of Microsoft Cloud Services, like Office 365’s Exchange Online, SharePoint Online and Teams services. New solutions have popped up in recent months. There is a wide array of vendors to choose from. Luckily, some well established solution vendors have also entered this arena, like Altaro.

Altaro

You may have already heard of Altaro, as they have been around since 2009. They are a leading developer of Virtual Machine backup and recovery solutions, but I’m guessing most Microsoft-oriented IT Pros know them for their free Hyper-V Dojo and publications like the Backup Bible.

Indeed, Altaro has earned street cred since 2009. Therefore, their Office 365 Backup solution should be on your organization’s shortlist.

 

My experiences

I’ve been using their solution for the past few months and their solution does exactly what you’d expect when reading its name and the word ‘solution’  in it.

It’s a solution

Altaro can pride itself that they have fully automated the onboarding and offboarding process for their Office 365 backup solution. Through the cloud management console, you can easily onboard a tenant by granting API permissions to a dedicated Altaro Office 365 Backup service principal in Azure AD. In a streamlined three-strep wizard you grant access. The same wizard can be used to re-grant access if need be.

As expected, Altaro Office 365 Backup requires a ton of API permissions for both read and write access. This is a completely transparent process, as these permissions are requested in a new browser tab when you grant access to the tenant as an administrator from Altaro's management console.

Creating backups within 15 minutes

Altaro’s goal is to start creating backups within 15 minutes of starting the onboarding process. This admittedly lofty goal is achieved for every organization as Altaro takes care of everything in an automated fashion. Altaro configures the application, the service, the encryption, the storage … everything.

To achieve its ‘backups starting within 15 minutes’ goal, however, some corners are being cut. The one-size-fits-all approach to backups in Altaro Office 365 Backup is roughly every 6 hours, starting its schedule at the moment you finish onboarding the tenant into the Altaro management interface as an organization. It’s good that Altaro starts performing backups immediately, but the inability to granularly control backup schedules might feel odd to seasoned backup admins.

To cater for immediate backup requirements, a Take Backup action however is available per resource. This way you can perform migration actions per mailbox, OneDrive, Teams team or SharePoint site after backup completes.  API access into Altaro’s infrastructure still features on my wish list to automate all the things, though.

Licensing the solution

Altaro’s license structure for its Office 365 backup solution is as straightforward as it gets: one flat yearly fee per user. Where other vendors require you to size up, purchase, configure and manage storage, storage is simply included with Altaro’s solution in its yearly fee that is less than EUR 40 per user. This makes Altaro Office 365 Backup a SaaS solution, just like Office 365 and Microsoft 365. They’re birds of a feather.

Retention of backed up items

Backed up items have unlimited retention, too. It means that from the moment you start creating backups, you can restore items in backups.

European organizations may hit the limits of Article 89 of the GDPR, which range from 24 hours to 15 years depending on the type of data. Luckily, the right to be forgotten as per Article 17 of the GDPR is taken care of: When an admin clicks the Remove User from Subscription & Delete Backup Data (instead of Disable this User), the data is permanently deleted from backups and thus from the (encrypted) storage Altaro allocates to your organization.

Restoring

All of that legal stuff is easily forgiven when you actually need to restore information. On-premises, restoring is the moment where you come to know if you can eat the cake. With Altaro’s solution, you can have the cake and eat it too. It’s super easy to restore mail items, attachments, calendar appointments, contacts or even entire mailboxes, either to a *.zip file, a *.pst file or to the original mailbox, or the a different mailbox.

Files in Teams, OneDrive for Business and SharePoint can also be restored with the same options except for the *.pst file option (obviously). Files are password-protected when you download them, so the restore process features the same Altaro end-to-end-encrypted principles.

Auditing

Auditing is clear, granular and immutable, as it should be. The Audit tab in the left navigation pane of Altaro’s management console provides information on all the actions that have been performed by admins. As you might expect, even looking into a user’s data to granularly restore an item results in an audit event detailing browsing access to the data, whether the data is subsequently restored or not. Filtering and export functionality make this feature complete.

 

Can Altaro improve their solution?

Despite my confidence in Altaro Office 365 Backup, I can see room for improvement.

Multi-factor authenticated admin access

As an identity guy, I feel Altaro spied a mare’s nest by not requiring multi-factor authentication for admin accounts to access its service. Where Microsoft and Microsoft partners are doing everything they can to require multi-factor authentication everywhere they can, even one Management Console that does not require it may prove to be an easy door, no matter how reputable the organization.

Enabling multi-factor authentication to access Altaro’s Management Console is easy, but I feel it should be enabled by default, because it adds an additional layer of security to the account by requiring more than just a password to sign in. Altaro is not alone in this practice, as Twitter recently reported only 2,3 percent of its user base actually has multi-factor authentication enabled.

Alerts

Alerts are also not enabled, by default. You can enable alerts to receive notifications by email as soon as an event occurs. You can choose for which events you would like to raise alerts, for instance failed mailbox backup operations and successful OneDrive account restore operations. In contrast to text messages, email messages only cost bandwidth, so why alerts are not enabled by default is beyond me.

Small and medium-sized businesses

While using Altaro’s Office 365 Backup solution, it does become clear that this is a solution for small and medium-sized businesses. Delegation with distinct role separation is unavailable, even though I feel the auditing feature may already benefit from it in highly regulated environments where auditors and admins work in different teams reporting to different managers.

 

Would I recommend Altaro Office 365 Backup?

I feel Altaro Office 365 Backup is a great solution to create backups of Exchange Online, SharePoint Online, OneDrive for Business and Teams data for most organizations.

There is one thing however, that holds me back from advising Altaro Office 365 Backup to all small and medium-sized organizations: Altaro leverages Azure storage to store your backups. I get it. Azure storage is relatively cheap, versatile and offers AES-256 encryption to secure your data so even Altaro can’t access it.

The best storage in the world, however, comes with the biggest drawback: Altaro Office 365 Backup is not the best solution if you want your backups in different regions than the regions your Office 365 data resides in. Access to your organization’s live data and your organization’s backups are governed by the same terms and largely the same infrastructure, including authentication, certificates and DNS.

It is the equivalent of putting all your eggs in one basket.

 

Concluding

Altaro Backup for Office 365 has a lot going for it. Its EUR 40 per user per year flat fee offers virtually unlimited scalability, straightforward backups and restores, and clear auditing.

It’s the ideal solution for organizations that have a cloud-first strategy where software as a Service (SaaS) and Platform as a Service (PaaS) services are preferred to Infrastructure as a Service (IaaS) and on-premises systems. These organization may have already learned that Microsoft is better in hosting and securing data than they are themselves…

Within 15 minutes, any organization can start creating backups of their Exchange Online, SharePoint Online, OneDrive for Business and Teams data. With the proper settings, the solution is secure enough for any Microsoft-oriented organization.

3 Responses to Altaro Office 365 Backup: SMB’s one-stop solution for Office 365 data protection

  1.  

    I'm curious how the Altaro solution stacks up against the well known competition.

    I'd also like to know how and what Teams data it really can backup and restore.
    There are big differences between solutions.

    • Hi Eric,
      In my opinion, the situation with Microsoft Teams backup is currently caused byh the constraints in the APIs. Some vendors choose to stick with Microsoft's APIs and not 'hack' a solution together that does it all. In the long term, I feel going with the official APIs is the best route, as it's easier to support and maintain and because the API permissions apply. Any solution that doesn't perform backups (or restores) of a certain type of items in Microsoft Teams is not a bad solution in my book.

       
  2.  

    Hi Sander, I agree with you on the, stick to Microsoft supported solutions as that is the most future proof. Hacking will eventually break as Microsoft changes are really fast going in Office 365. But on the other hand, when purchasing a solution you "may" expect the supplier will maintain the solution. As with every Microsoft product it has limitations and 3rd party solutions are needed to meet a customers demand. So in the end we get back to the well known Consultant answer, it depends:-) PS. I see Veeam being the most used, so thanks for highlighting this Altaro solution that could be a great solution for customers.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.