Blog: Backup

Many organizations are adopting Microsoft 365 (formerly Office 365) and businesses nationwide are seeing the benefits of improved productivity through its email and collaboration solution. Organizations of all sizes can benefit from a seamless user experience between mobile and on-premise environments.

While Microsoft 365 offers great flexibility, it mostly focuses on infrastructure management rather than data management. Meaning: You are responsible for your data.

Some businesses who have migrated their workloads to Microsoft 365 do not realize that the same reasons they had for backing up and protecting that data on-premises applies even in the cloud.

If you are still considering Microsoft 365 for office productivity and collaboration, this article may be for you: Microsoft 365: Is it the right choice for your business?

Without proper backup and recovery, your data is at risk, because Microsoft isn't providing complete protection. It's important to create a backup and recovery strategy to ensure you avoid permanently losing your critical data.

It's important to understand the difference in responsibilities of Microsoft and Microsoft 365 user organizations. Microsoft hosts the infrastructure, but you are responsible for your data.


What is Microsoft's Responsibility?

Cloud Infrastructure Uptime — Microsoft focuses on the infrastructure management rather than data management. By focusing on infrastructure, Microsoft ensures its cloud service is online and operational. Guaranteed uptime is based on your agreement level and outlined in the availability SLA (Service Level Agreement).

Basic Data Replication — Microsoft provides basic data replication with datacenter-to-datacenter geo redundancy, and limited retention for short-time data recovery.

Data Processing Compliance — Compliance and controls for data processing are limited to the processor, not the data itself. Microsoft ensures data privacy, regulatory controls, and industry certifications for compliance are in place and maintained for the infrastructure of its cloud service.

Physical Infrastructure Security — Security functions for Microsoft 365 are limited to physical infrastructure, not data. It includes app-level security, logical security, and access controls for users and administrators.


What is the Customer's Responsibility?

Business Data in Microsoft 365 — The customer is the owner of the data that resides in the Microsoft 365 data centers. As the owner, the customer controls the data and who can access the data. All responsibility of the data is on the user to ensure data security, privacy, and retention.

Enterprise-grade Backup and Long-Term Data Retention — Implementing an enterprise-grade backup solution for Microsoft 365 can give businesses confidence to recover from security breaches, compliance exposure, and data loss. With enterprise-grade backup, a copy of the data is stored outside the environment. In the event of an incident, it provides granular and point-in-time recovery options.

Data Owner Compliance — As the data owner, the customer has the ultimate responsibility of data for internal legal and compliance teams. The customer answers to the demands from corporate and industry regulations.

Security Functions to Protect Data — Protection of data is the responsibility of the user, not Microsoft. Security controls must be implemented to protect the data from internal threats, such as accidental deletion, insider threat, and disgruntled employees, and external threats, such as malware, ransomware, and rogue applications.


What happens when Microsoft 365 is used without backup?

Microsoft only provides basic and limited retention. If you don't implement a backup strategy outside of Microsoft's native capabilities, you are opening up your business for unnecessary risk. Lack of a Microsoft 365 backup plan is a risky data strategy.

Without proper backup and recovery, your organization can expose itself to the following risks:

  • Data loss from accidental deletions
  • Ransomware attacks and security breaches
  • Insufficient retention time for regulatory compliance policies
  • Lack of data control due to potential SaaS lock-in

Organizations investing in productivity and collaboration tools should also consider their backup and retention needs as a factor in efficiency and productivity. Considering a third-party backup solution is critical for data loss avoidance.


What is the best strategy for Microsoft 365 backup?

Your data is your business. By taking a data-driven approach to your backup strategy, you recognize the critical importance of your data for your business stability.

Make Microsoft 365 Backup a Key Priority

Backup for cloud services (SaaS), such as Microsoft 365, is imperative for security and data control. Full oversight and control of data is a boardroom priority. Without backup, organizations do not have an exit strategy or freedom from SaaS lock-in because they are not in complete control of their data. Backup should be part of the conversation when buying SaaS and not an afterthought.

Consider Enterprise-grade Data Protection

When investing in backup solutions, consider integration between the Microsoft 365 environment and your existing data protection environment. Evaluate automation, security, and integration between systems when comparing enterprise-grade data protection and recovery features. Integrating SaaS into enterprise data protection can help unify data management.


What to look for in a Microsoft 365 backup solution

1) Freedom to use existing on-premise capacity for Microsoft 365 backup, or the ability to leverage another cloud for cloud backup.
2) Basic features provided, such as incremental backups, granular recovery, automation, and policy-based retention capabilities.
3) A solution capable of managing and protecting hybrid deployments and the ability to ease the full adoption of SaaS.
4) Integration between Microsoft 365 and the customer's existing data protection environment.
5) Advanced security features such as access control, SaaS usage metrics, and multifactor authentication for additional security.
6) Ability to scale up or down as business and data demand changes and as SaaS is rolled out more widely within the company.


Investing in productivity tools and the corresponding backup is an exciting adventure. When you are ready for a guide, we are here to help. We can advise on and implement a solution that fits your business needs. Contact us today to schedule a consultation.


 

A Windows 8 machine was being backed up with the Windows 7 backup. The backup completed all the file level backup but it failed backing up the system image. I found various articles indicating that the problem was in creating the shadow copy, and apparently it tries to create the shadow copy on the system partition instead of the larger “C” partition (in this case). In this case, the system partition (partition #1 on the physical disk 0) was 1GB and the C drive (partition #2 on the physical disk 0) is about 450GB. [more]

I used the partition program Mini Partition Home Edition V7.7 (downloaded from http://www.partitionwizard.com/download.html) to resize the C drive smaller, then shift it so the system partition can grow contiguously. I increased the system partition size to 2.5GB. Then, the Windows 7 backup program ran to completion and backed up the system image also.

In using the Mini Partition program, I had to remove all USB drives from the system. If USB drives are found, then the Partition Wizard will error out when it reboots to apply the partition changes. This problem is discussed in the FAQ’s for the Partition Wizard found here: http://www.partitionwizard.com/faq.html


 

A system was running GUID partition tables (GPT) in place of MBR and UEFI instead of BIOS. After a restor from backup, when trying to enable BitLocker, I got an error saying, “Element not found”. This vague error message did not provide any helpful results on Google, so I tried running BitLocker from the command line. Running the command “manage-bde –on C: -tpmandpin” gave me an error code (0x80070490) to go with the vague message. A Google search for the error code yielded this link to TechNet that says this is a known issue when moving hard drives between systems using the UEFI boot firmware and that running “bcdboot %systemdrive%\Windows” command will fix it. The command did not fix the problem, but it pointed me in the right direction. Some more searching led me to this link that talks about how to manually delete the “bootmgfw.efi” file in the UEFI boot partition. After deleting the file and then running the “bcdboot” command from the TechNet article, BitLocker encrypted the drive.


 

BackupExec jobs may fail when they are set to append only, and the customer uses new media.  Either copy the job and set the new job to overwrite, or change the media settings to allow append.

BackupExec 2012 has a new feature that allows “no-metal restores.”  The restore actually performs a P2V conversion.


 

A customer called a few weeks ago saying they did not have Internet access and could not access the network. A storm had gone through the area the night before, so I started by having them check to make sure the Internet equipment was online. There were no problems with the network equipment, so I asked the onsite IT person to check the server rack. Upon walking into the server room, I could hear alarms going off. He said it was the UPS that was beeping.

Their DHCP, DNS, WPAD, and File Server is all on one server, which is plugged into this UPS.  I went onsite and bypassed the UPS for power to their servers. The UPS would not turn the outlets on and referred to an overload error. I called APC tech support and they said this error meant that there was an internal fault in the UPS and it would have to be replaced. A replacement UPS was sent and installed. It appears that an electrical event occurred during the storm the night before and messed up the UPS. Since then, the company has purchased an additional UPS so that one power supply from each server can be plugged into each UPS. Hopefully, if this ever occurs in the future, one of the UPSs will remain online.


 

The other day I had an issue come up with a customer where VSS (Versative Storage Server) integrated file system backups stopped working for some unknown reason. Usually, a reboot fixes these types of issues, but backups continued to fail after a reboot. I started a support call with the backup vendor and after seeing the error logs, the support tech seemed fairly sure he knew what the problem was. This error is usually caused by a malformed path within the registry. So he had me run the following commands on the server and send him the output. [more]

vssadmin list writers >> c:\writers.txt
vssadmin list providers >> c:\providers.txt
vssadmin list volumes >> c:\volumes.txt

diskshadow /L c:\shadow.txt
list writers detailed

After reviewing the text files created, he found the malformed path:

- File List: Path = c:/windows\hpsum_1327455089, Filespec = hpsumserverw32.exe

To correct the issue, I searched the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ for “c:/windows\hpsum_1327455089” and corrected the path to “c:\windows\hpsum_1327455089” . After doing this, the backup ran fine. Further research uncovered the root cause. During the last maintenance window, HP System Update Manager was used to update the HP System Management Homepage on these servers. This malformed registry key was created by HPSUM during the upgrade.


 

When setting up VaultLogix online backup, make sure the server is not configured to apply Windows Automatic Update and reboot during the backup window. The problem that occurs is Windows Automatic Update reboots the server in the middle of a backup, VSS shuts down, but can allowed enough time to commit a partial backup which can leave off drives that need backed up. On the next backup, the agent will think there is new data and commenced to reseed those drives on the subsequent backup. Which can cause a problem, if the network has a slow connection that had to be seeded with a mobile vault, because backups will never be able to catch up.

If this occurs you must stop the re-seeding, purge all of the impartial backups since the error occurred. Then resynchronize the Vault Logix DTA file. Then the agent will not try to reseed data that is already backed up and just do the deltas for the selected drives.


 

FEBE (Firefox Environment Backup Extension) is a free Firefox backup utility that functions as an add-on.  You can have it do scheduled backups, backup your whole profile or pieces and parts (including other add-ons, cookies, etc.).

This is most helpful for me since I use NoScript to limit which scripts are allowed to run as well as Permit Cookie to determine which site cookies I want to retain after I close Firefox.  Whenever I rebuild a laptop, it's handy to not have to manually install all add-ons, etc. [more]

http://softwarebychuck.com/febe/febeFAQ.html


 

The CommVault Exchange Mailbox iData agents do not backup mailboxes associated with disabled Windows user accounts. The backup job reports a "success" for the job, but when the details of the backup are explored, the backup set does not contain any data. Additionally, requesting a listing of all failed objects for the backup job results in a "no failures" status. According to CommVault, this behavior is by design as is the "successful" backup status. After all, the job did not technically fail if it is not designed to include mailboxes belonging to disabled user accounts. This is very strange given that, in general, CommVault iData agents have an "inclusive by default" behavior.  This can become a real problem if you try to restore data for a former employee whose Windows user account was disabled when they left the company.  The lesson here is that you should always test your backups. Even if the backup report and all job status notifications indicate you are good....test anyway.


 

I installed Exchange 2010 on a new Windows 2008 R2 server for a customer. I was attempting to do a test move on a mailbox from the old Exchange 2003 server and it failed. I found that the Microsoft Exchange Mailbox Replication service was stopped and it would not start. I did some online research and was unable to find a solution.  After further investigation it was discovered that the VaultLogix Classic Agent used for the online backup was using the same port as the Mailbox Replication service. I spoke to a VaultLogix support technician who showed me a registry key that would change the default port from 808 for the agent.

I change “HKEY_LOCAL_MACHINE\SOFTWARE\EVault\InfoStage\Agent\AgentPortNumber” to port 807 and was then able to start the Mailbox Replication service. [more]

During the installation of the backup agent it will not allow you to change the port. However another method to change the port number once it is installed, is by opening the Classic CentralControl application right click on the server name and choose “Properties. Then change the port number to an available port.