Link Search Menu Expand Document

Job Configuration

  1. Microsoft Exchange
  2. Microsoft Sharepoint
  3. Microsoft Teams
  4. Catch-All Job
  5. Dynamic Azure Active Directory Groups

In this section we will discuss job configuration, options to create the backup job as well as the best practice for the backup job configuration. Veeam Backup for Microsoft 365 offers multiple options to create the backup job to protect the environment.

Backup job can be created based on following objects:

  • Groups
  • Users
  • Sites
  • Organizations.

Configuring a single backup job is appealing, but the maintenance of a single backup job is challenging because of the following potential risks:

  • Single point of failure.
  • Management.
  • Backup duration.
  • Restore.

In this section, we will discuss the best practice about backing up the different workloads. We have the following workloads protection in Veeam Backup for Microsoft 365:

  • Microsoft Exchange
  • Microsoft Sharepoint
  • Microsoft OneDrive for Business
  • Microsoft Teams

Microsoft Exchange

It’s recommended to create multiple jobs based on group if the environment is 500+ mailboxes, the backup job based on group object are easy to manage for backup and restore operations and provides the good performance.

For example The jobs can be created based on the departments in the Organization, Veeam Backup for Microsoft 365 also provides you options to exclude the mailboxes from the backup job in event users left the organization you can easily exclude the mailbox from backup job processing as shown in the picture below.

Exchange Job

Microsoft Sharepoint

Veeam Backup for Microsoft 365 provides you an option to protect the complete SharePoint farm, as a best practice in the single job you can add up to 50 SharePoint sites. Similar to the Microsoft Exchange mailbox protection there is an option to select individual sites in the backup job as shown in the picture below:

Sharepoint Job

Microsoft Teams

Most Teams data lies in SharePoint, so it it recommended to backup Teams to the same repository as the Teams Sharepoint sites. This way data objects are only stored once in the repository, even when linked on two objects within Microsoft 365.

To protect all current and future SharePoint sites in an organization, you can choose to backup the organization object and then select only to process “Teams”. Be aware that this is only recommended if you have a small number of Teams in your organization and you will not exceed the configuration maximums. Each Team will count as 3 objects (Exchange, SharePoint and Teams itself) for the sizing.

Backup all Teams

Otherwise you can select single teams or create PowerShell scripts to protect Teams based on names.

Catch-All Job

You can create a catch-all job which will backup all items which are not yet processed by any other job. With this you can catch newly created users, Teams, SharePoint sites, etc. until you assign them to the appropriate job.

As this job needs to enumerate all your Microsoft 365 objects, this is only recommended for smaller organizations with a limited amount of objects.

You can add excludes to the job to avoid backup up items that you do not want to backup (blacklisting).

Dynamic Azure Active Directory Groups

This is a best practice for splitting jobs for all user based services, like Exchange Online and OneDrive for Business. Use the dynamic groups as a source for your backup jobs and the groups will be automatically updated on Azure AD side.

You can split your user base easily into even groups with Dynamic User Membership in Azure Active Directory. Create dynamic groups and leverage the dynamic rules based on the objectID property. This property is an unique GUID for each user and thus a randomized number with statistically equal distribution of starting numbers/letters (HEX) over your user base.

That said you can easily create regular expression match rules on the objectID property to create groups in any granularity. For example to split your user base in 50% you could use two groups with the following rules

Group 1 (50%): (user.objectId -match "^[0-7].*")
Group 2 (50%): (user.objectId -match "^[8-f].*")

Azure Active Directory Dynamic Membership rules

To increase the granularity you can just easily add a “lower level” of number/letter to your regex, e.g. to group into 32 groups your first four groups could look like this:

Group1: (user.objectId -match "^0[0-7].*")
Group2: (user.objectId -match "^0[8-f].*")
Group3: (user.objectId -match "^1[0-7].*")
Group4: (user.objectId -match "^1[8-f].*")

There is a PowerShell script available in VeeamHub which can help you to automatically generate these groups in AzureAD.

Back to top

Copyright © 2019-2022 Solutions Architects, Veeam Software.