« back to Support Page

Anti-cloud: Backup & Restore

"Microsoft Office 365" items 

The "Microsoft Office 365" Protected Item type allows you to back up data from your Office 365 cloud account. The backup job runs on the local device, using Anti-Cloud's client-side encryption, compression and deduplication to store data efficiently.

The following Office 365 services are supported:

  • Exchange Online
    • Mailbox (Email)
    • Calendars
    • Contacts
  • SharePoint & OneDrive
    • Sites
    • Teams Files

NOTE: Microsoft Online Services are responsible for the availability of the Office 365 online service and meeting their SLA guarantees. There are first-party archival and history solutions such as Retention Policy and Litigation Hold. Back up your Office 365 cloud account, for purposes of data safety; redundancy; resilience to tampering, misconfiguration, and accidental loss; legal compliance; unified reporting with other backup sources; and ease of restoring single items.

Authentication 

For backups, grant Anti-Cloud the ability to read data from your Office 365 account. Please pay attention to the credentials provided as a significant amount of access to the Office 365 organization occurs. This grant is done by creating an "Application" inside Azure AD. This application can be created automatically or manually.

Automatic application registration 

Click the "+" button next to the "Application ID" entry field. This opens a wizard dialog that steps you through the process to automatically register the application. Authenticate with Azure as a top-level administrator.

Manual application registration 

If you are unable to use the automatic application registration, you can register the application manually via the Azure AD web interface via the following steps:

  1. Register a branded application inside the Azure Active Directory panel:
    • Visit https://aad.portal.azure.com/
    • Click "Azure Active directory"
    • Click "App registrations" > "New registration"
    • Enter an application name (e.g. "My Branded Office 365 Backup Product"). The other options can be left as default
    • Click the "Register" button.
    • Copy the Application (client) ID field into Anti-Cloud's Application ID field
    • Copy the Directory (tenant) ID field into Anti-Cloud's Tenant ID field
      • Ensure that there are no extra spaces in the field after the Tenant ID
  2. Register an authentication secret for the application:
    • Click the "Certificates & secrets" left-hand tab
    • In the "Client secrets" section, click the "New client secret" button
    • Create a new secret
      • Specify any name (e.g. "My Anti-Cloud integration credentials") and any expiry (e.g. "Forever / No expiry")
    • Copy the Value column into Anti-Cloud's Application Secret field
  3. Grant this application permission to read Office 365 data:
    • Click the "API permissions" left-hand tab
    • Click the "Add a permission" button
    • Find and add the following permissions:
      • "APIs my organization uses" > "Office 365 Exchange Online" > Application permissions > ...
        • "Other permissions" > full_access_as_app
      • "Microsoft APIs" > "Microsoft Graph" > Application permissions > ...
        • Application.Read.All
        • Calendars.Read
        • ChannelMessage.Read.All
        • Contacts.Read
        • Directory.Read.All
        • Files.Read.All
        • Files.ReadWrite.All
        • Group.Read.All
        • GroupMember.Read.All
        • Mail.Read
        • Notes.Read.All
        • Reports.Read.All
        • Sites.FullControl.All
        • Sites.Manage.All
        • Sites.Read.All
        • Sites.ReadWrite.All
        • TeamMember.Read.All
        • TeamMember.ReadWrite.All
        • User.Read.All
    • Back on the API permissions page, click the top "Grant admin consent for (My Organization Name)" button

The authentication details are automatically populated in the desktop app, use the "Test Connection" button to validate the Office 365 credentials.

Configuring selections 

Anti-Cloud supports backing up different items from your Office 365 account. Use the pencil button in the desktop app to configure which mailboxes and sites will be backed up. Make separate selections for both mailboxes and sites using the dropdown arrow beside the plus button.

User has the following options for backups:

  • Back up all mailboxes/sites
  • Back up only the selected mailboxes/sites
  • Back up all mailboxes/sites except for the selected ones

When selecting users or sites for backup, the first dialog shows your current selection. Inside the first dialog, click the plus button to open a second dialog, to find users and sites from the Office 365 server.

The Search field in the second dialog box can be used to quickly filter for a known user or site.

When selecting users, the dialog also shows groups (Azure AD groups of user accounts). If you select a group, Anti-Cloud will backup all the mailboxes for user accounts belonging to this group.

Anti-Cloud supports Azure AD groups of user accounts, but does not currently support Outlook groups. If email messages are in an Outlook group, Anti-Cloud will not be able to to back them up. You can see the Outlook groups via the Sites view, but group messages are not included via the Sites backup job.

The only mailboxes available for selection are

  • Active Users (as shown in the Office 365 Admin Center), and
  • Shared Mailboxes (created with an Exchange E5 license plan or higher).
    • Anti-Cloud supports backing up Shared Mailboxes. Shared Mailboxes are counted as a full separate mailbox for the purposes of billing, regardless of the number of other accounts with access to the Shared Mailboxes.

Mailboxes belonging to Guest users, Deleted users, Discovery mailboxes, Archive mailboxes, and Journal mailboxes are not available for backup.

The Protected Item configuration is also available remotely via the Anti-Cloud Server web interface. This feature can be used when the device is online with a live-connection to the Anti-Cloud Server.

Performance considerations 

The backup job uses Microsoft Office 365 API to read data from the cloud and store it in the Storage Vault. A large amount of data will be downloaded to the local device.

The backup job takes advantage of Office 365 server-side delta change APIs to efficiently perform incremental backup jobs.

  • This applies to Mailbox (Email), Calendars, Contacts, OneDrive files, and Teams files, allowing for high-performance incremental backup.
    • Deleting any file from within a backup job snapshot will disassociate the backup job snapshot from the server-side delta change. If you delete a file from the most recent backup job snapshot, the next incremental backup job will require a longer duration.
  • This does not apply to SharePoint lists, which may re-download data during each backup job, reducing performance.

The Office 365 API imposes some rate-limiting on the backup operation. This may limit the total performance of the backup job.

  • One of the multiple imposed rate-limit rules is based on the target mailbox account. Each mailbox has its own rate limits. Anti-Cloud backs up multiple mailboxes in parallel; if the Office 365 tenant has a large number of mailboxes, the overall backup job performance would be balanced evenly across all the mailboxes. If the Office 365 tenant contains mailboxes with very different sizes, the single largest mailbox may reduce performance owing to the tail effect.

Hosting the Anti-Cloud device inside Microsoft Azure provides the lowest possible latency to the Office 365 servers improving the performance.

Restore 

Select files for restore. When browsing files to restore, different columns are displayed depending on the type of item being browsed.

Preview an email before restoring it, by using the right-click menu. The email preview shows the rich HTML content if the email contains it. Email preview contains the header fields, such as the From, To, and Subject fields; information about attached files; and embedded images.

The files can be restored to the local PC or to Office 365 cloud location.

Restoring Office 365 items to the local PC 

Emails are restored in MIME format (*.eml). These files can be opened with Microsoft Outlook on your PC, or in any other email program (MUA) such as Mozilla Thunderbird. Microsoft Outlook supports importing *.eml files in bulk by dragging-and-dropping into an Outlook folder.

If the email represents a meeting invite, the email contains a calendar appointment attachment in vCalendar format. These attachments can be renamed to *.vcf and opened with Microsoft Outlook on your PC.

Contacts and Calendars are restored in JSON format. These files require further processing to convert to standard vCalendar format (*.vcf) before opening with Microsoft Outlook.

SharePoint file attachments, including OneDrive items and Teams files, are found within associated SharePoint site. OneDrive files can be restored as regular files and folders underneath the "Documents" subdirectory of the associated SharePoint site.

SharePoint lists can not currently be restored to local files.

Restoring Office 365 items back to the cloud 

You can choose to restore Office 365 items back to the cloud. You can choose to restore either to the original Office 365 cloud location, or a custom location.

All items will be restored with the default retention policy.

Any existing emails will not be overwritten. If an email selected for restore already exists in the target Office 365 cloud location, it will be restored as a duplicate email.

Microsoft Office 365 Cloud to Cloud: 

Use Anti-Cloud as a backup service provider to offer a fully "cloud to cloud" service to your end customers. Setup steps:

  • Install Anti-Cloud Server, or use the Anti-Cloud-Hosted Anti-Cloud Server service offering
  • Create a single user account
  • Register for a VM on Azure and install Anti-Cloud into it
  • Create a Protected Item for each target Office 365 tenant organization.

Each "cloud to cloud" Office 365 organization that you want to back up would be represented as a Protected Item, not as a separate user account. This allows you to easily centrally manage the worker VM and set any schedule frequency.

You can monitor the worker VM's CPU and memory resources, and increase the instance's resources as necessary; or you can split into multiple worker VMs.

Anti-Cloud supports sending job report emails to different recipients for different Protected Items.

Anti-Cloud Server does not have a built-in customer signup mechanism, so representing a customer as a Protected Item instead of as a user does not change that. You may use the Anti-Cloud Server API to build a custom signup form that onboards customers as a Protected Item instead of as a user.

The full feature set of the Anti-Cloud Server web interface is available from the API, including browsing an Office 365 organization's resources and registering application credentials.


« back to Support Page