Considerations and Limitations

This section lists considerations and known limitations in Veeam Data Cloud for Microsoft 365.

General

  • Adding Microsoft 365 organizations using modern authentication method with legacy protocols allowed is not supported.
  • Backup of a Microsoft 365 tenant organization is not supported if the initial domain of the organization was changed.
  • Backup of dynamic distribution groups is not supported. Members of dynamic distribution groups cannot be resolved. Dynamic Entra ID groups can be used instead. For more information, see Dynamic Entra ID Groups.
  • Microsoft Entra Privileged Identity Management is not supported.
  • Backup is not supported for Microsoft organizations in US Government GCC High regions.
  • Express backup is not supported for Microsoft organizations in GCC regions.
  • You cannot delete mailboxes, OneDrives and SharePoint sites protected with an Express backup policy. For more information, see this Microsoft article.

Supported Microsoft Organizations

Veeam Data Cloud for Microsoft 365 supports the following Microsoft Exchange and Microsoft SharePoint organization versions:

  • Microsoft 365 Exchange Online

Microsoft 365 and Office 365 service families, standalone services and plans for Business, Education, and Government* hosted by Microsoft are supported. For more information about system requirements and limitations for Microsoft 365, see this Microsoft article.

  • Microsoft 365 SharePoint Online

Microsoft 365 and Office 365 service families, standalone services and plans for Business, Education, and Government* hosted by Microsoft are supported. For more information about system requirements and limitations for Microsoft 365, see this Microsoft article.

*Government support is experimental. For more information, see this Veeam KB article.

Backup

Before you back up your data, consider the listed recommendations and best practices for Veeam Data Cloud for Microsoft 365. Then, depending on your license plan, create new backup policies. For more information, see Creating Flex Backup Policies and Creating Express Backup Policies.

Number of Backup Policies

You can configure backup policies based on Users, Groups, Sites, Teams and Organizations (entire or partial).

If you configure a single backup policy for all your data, there are challenges due to risks like a single point of failure, management complexity, backup duration, and restore issues.

As a best practice, in most cases, it is recommended to create 2 backup policies.

For example, you can create a backup policy for Exchange and another backup policy for the rest of your data:

  • Backup Policy 1: Mailboxes and Archive mailboxes
  • Backup Policy 2: OneDrive for Business, SharePoint and Teams

In the case where you have more complex backup rules and do not back up your entire organization, it is recommended to split your backups into 3 backup policies:

  • Backup Policy 1: Mailboxes and Archive mailboxes
  • Backup Policy 2: OneDrive for Business
  • Backup Policy 3: SharePoint and Teams

Recommended Maximums

While one SharePoint site counts as an object for sizing the Veeam Data Cloud for Microsoft 365 infrastructure, this does not always accurately represent the impact on the backup infrastructure. For example, a SharePoint site with 250,000 documents within a document library takes more compute resources to process than a simple 50 MB intranet site. It is advised to adhere to the limits specified by Microsoft for SharePoint, and to pay special attention to the guideline that suggests “For optimum performance, we recommend storing no more than 300,000 files in a single OneDrive". For more information, see this Microsoft article.

User-Based Services

For easier maintenance, backup policies for all user-based services in Exchange, as well as Exchange Archive, OneDrive, and Personal SharePoint Sites, should be based on user or group objects.

  • If you want to back up all the users in the tenant, select the Partial Organization option and create one backup policy for each service.
  • If you want to back up a subset of the users, create backup policies using groups. When you do not have groups, create new groups or manually select users and sites. In case you want the list of users of a backup policy to be automatically updated between backup policy runs, do not use simple groups, because you must manually update the groups every time a new user is added or removed from the groups. Use Dynamic Entra ID groups instead, because they are dynamically updated.

Dynamic Entra ID Groups

It is a best practice to use dynamic Entra ID groups for user-based backup policies, because these groups are dynamically updated within Entra ID, always representing the current state of your user base.

Create dynamic Entra ID groups and leverage the dynamic rules based on the objectID property. This property is a unique GUID for each user and thus a randomized number with statistically equal distribution of starting numbers/letters (HEX) over your user base.

For example, you can create regular expression match rules on the objectID property to create groups in any granularity. The following example shows how to use 2 groups with the following rules, to split your user base in 50%:

Group 1 (50%): (user.objectId -match "^[0-7].*")

Group 2 (50%): (user.objectId -match "^[8-9a-f].*")

To increase the granularity, you can add a “lower level” of number/letter to your regular expression, The following example shows how the fist 4 groups look like when you want to group into 32 groups.

Group1: (user.objectId -match "^0[0-7].*")

Group2: (user.objectId -match "^0[8-9a-f].*")

Group3: (user.objectId -match "^1[0-7].*")

Group4: (user.objectId -match "^1[8-9a-f].*")

...

For more information on dynamic Entra ID groups, see this Microsoft article.

Microsoft SharePoint

It is recommended to keep the number of SharePoint pages processed within a single backup policy lower than the recommended maximum.

SharePoint also offers Personal Sites for users. These sites may be considered as not intended for keeping important company data, which is why it is advised to check if they need to be protected or not. Depending on the number of Personal Sites within the organization, exclusion of Personal Sites from backup policies can drastically reduce the time and performance impact during backups.

Microsoft Throttling

During your initial full backup, Microsoft may be throttling your traffic due to the high load of Microsoft Exchange data. To mitigate this, you can temporarily disable Microsoft Exchange throttling in the Microsoft 365 admin center. For detailed instructions on how to disable Microsoft throttling, see this Veeam KB article.

Even after Microsoft throttling is disabled, Microsoft still throttles traffic and limits to processing 150 MB for each mailbox every 5 minutes.

Executing Backup Policies

You should not be executing more than one or 2 backup policies at the same time. For example, you can have mailboxes and Teams backup policies running at the same time, because they process data of different applications. You must never have OneDrive and SharePoint backup policies running at the same time, because OneDrive is built on top of SharePoint.

Backup Policies Start Time

Backup policies start times are dynamically managed to optimize system performance and ensure reliable service. Backups will always meet the agreed RPOs.

Editing Backup Policies

For information on how to edit existing backup policies, see Editing Flex Backup Policies and Editing Express Backup Policies.

NOTE

When you add a new user to a backup policy, Veeam Data Cloud for Microsoft 365 automatically attempts to add all child objects of the user data (Mailbox, Archive Mailbox, OneDrive, Personal Site) to the backup policy. If your backup policies are split into Exchange and Other items backups, you will need to edit the user and deselect the child objects you want to remove.

Restore

Before you restore your data, consider the listed recommendations and best practices for Veeam Data Cloud for Microsoft 365.

General Considerations

  • Data restore methods apply to Microsoft Outlook mailboxes, entire Microsoft OneDrives and Microsoft SharePoint sites. For other types of Outlook, OneDrive and SharePoint objects, you do not need to select the restore method.
  • Backup and restore of Microsoft Teams data is available to users of the Flex and Premium plans only. Users can restore Teams data flexibly and do not need to select the restore method.
  • Smaller restores may be quicker with Flex; benefits of Express are best realized with large restores.
  • Veeam Data Cloud for Microsoft 365 supports a maximum of 2 restore operations in parallel. To raise this limit in urgent cases, contact Veeam Customer Support.
  • Restore of OneNote notebooks from backups of Microsoft SharePoint, Microsoft OneDrive and Microsoft Teams data is not supported.

As a workaround, you can download the required OneNote file to your computer and then upload this OneNote file to your OneDrive or SharePoint site.

  • Preservation Hold items are not available for restore under the Flex plan.

Express Restore Considerations

General

  • Veeam Data Cloud for Microsoft 365 replaces data in the original location with the data from the backup. For example, if a user is making edits on a SharePoint site and you restore it to a previous state, the user will lose their edits.
  • When you create a backup policy for an Outlook mailbox, OneDrive account or SharePoint site, Veeam Data Cloud for Microsoft 365 starts generating restore points.
  • For Outlook, the restore points are created every 10 minutes. The retention period for these restore points is 52 weeks.
  • For OneDrive and SharePoint, the restore points are created every 10 minutes. The retention period for these restore points is 2 weeks. In addition, weekly restore points are created once a week. The retention period for these restore points is 50 weeks.

For more information, see this Microsoft article.

NOTE

The 52 and 50 weeks of retention are not applicable once a tenant is no longer under Express backup protection. When a tenant is offboarded, the protected data will be preserved for 90 days after the date of offboarding, and then the data will be deleted.

  • To restore an Outlook mailbox or OneDrive account for a user who is deleted from Microsoft Entra ID, do the following:
  • If the user has been deleted within the past 30 days, restore the user based on the instructions in this Microsoft article.
  • For Outlook, if the user account is permanently deleted, Microsoft retains the inactive mailbox for a set time. To restore the inactive mailbox, you must convert it to a new, active mailbox that is linked to a new user. For details, see this Microsoft article. Once you convert the inactive mailbox to an active one, remove the deleted user from the backup policy. Then, add the new user with the linked active mailbox to the backup policy.
  • For OneDrive, you can restore the OneDrive to the original location. Once restored, the OneDrive is in an "orphaned" state. For details on how to connect the OneDrive to a user, see this Microsoft article.

Outlook

  • For Outlook restore, only mailbox items that were changed, deleted to the Recoverable Items folder or purged can be restored. New mailbox items are kept. This can lead to unwanted data being restored.
  • You cannot back up mailbox draft items and thus cannot restore them.
  • For calendar item restore, restoring the organizer copy does not automatically update the attendee copies. It only allows the organizer to send updates for this calendar item in the future. This means that if an attendee has already accepted or declined the meeting, their copy of the calendar item will not be updated to match the restored organizer's copy, unless the organizer explicitly updates the meeting request.
  • Items moved to the Deleted Items folder will not be restored. Mailbox users can recover these items themselves by moving them back to the Inbox from the Deleted Items folder.
  • If the parent folder of an item has been deleted, the item will be restored to a newly created folder named Recovered Items YYYY-MM-DD, HH:MM.
  • The Outlook mailbox folder structure is not backed up. This means that while you perform a mailbox restore with multiple hierarchical folders, the folder structure is not reconstructed when restored. The restored mailbox items are located in a different folder, created by Microsoft.

OneDrive and SharePoint

  • Site search is case-sensitive and is a prefix-type search.
  • Restore will fail for OneDrive accounts or SharePoint sites under the strict SEC 17a-4(f) hold policy. You must remove the hold before you perform restore.
  • If you rename a tenant, move a tenant or change a SharePoint site URL, you cannot revert those changes when performing restore.