Considerations

Before you back up your data, consider the listed recommendations and best practices in Veeam Data Cloud for Microsoft 365. Then, depending on your license plan, create new backup policies. For more information, see Creating Flex Backup Policies and Creating Express Backup Policies.

Number of Backup Policies

You can configure backup policies based on Users, Groups, Sites, Teams and Organizations (entire or partial).

A single backup policy for all your data introduces risks such as a single point of failure, management complexity, backup duration, and restore issues.

As a best practice, split backup objects into several backup policies, considering both the number of objects and the infrastructure capacity.

It is advisable to create a backup policy for each application. For example, create separate backup policies for Exchange, OneDrive, SharePoint and Teams. It is also recommended to have one backup policy for archive mailboxes, one for mailboxes, one for Teams, SharePoint, OneDrive, and so on.

It is not recommended to back up your entire organization due to size and performance drawbacks.

Recommended Maximums

While one SharePoint site counts as an object for sizing the Veeam Data Cloud for Microsoft 365 infrastructure, this does not always accurately represent the impact on the backup infrastructure. For example, a SharePoint site with 250,000 documents within a document library takes more compute resources to process than a simple 50 MB intranet site. It is advised to adhere to the limits specified by Microsoft for SharePoint, and to pay special attention to the guideline that suggests “For optimum performance, we recommend storing no more than 300,000 files in a single OneDrive”. For more information, see this Microsoft article.

It is recommended to have no more than 2,000 users in a backup policy.

User-Based Services

For easier maintenance, backup policies for all user-based services in Exchange, as well as Exchange Archive, OneDrive, and Personal SharePoint Sites, should be based on user or group objects.

  • If you want to back up all the users in the tenant, select the Partial Organization option and create one backup policy for each service.
  • If you want to back up a subset of the users, create backup policies using groups. When you do not have groups, create new groups or manually select users and sites. If you want the list of users of a backup policy to be automatically updated between backup policy runs, do not use simple groups, because you must manually update the groups every time a user is added to or removed from them. Use dynamic Entra ID groups instead, because they are dynamically updated.

Dynamic Entra ID Groups

It is a best practice to use dynamic Entra ID groups for user-based backup policies, because these groups are dynamically updated within Entra ID (formerly Azure AD), always representing the current state of your user base.

Create dynamic Entra ID groups and leverage the dynamic rules based on the objectId property. This property is a unique GUID for each user, so its leading hexadecimal characters (0-9, a-f) are statistically evenly distributed across your user base.

For example, you can create regular expression match rules on the objectId property to create groups in any granularity. The following example uses 2 groups with the following rules to split your user base into two halves of 50% each:

Group 1 (50%): (user.objectId -match "^[0-7].*")

Group 2 (50%): (user.objectId -match "^[8-9a-f].*")

To increase the granularity, you can add a “lower level” of number/letter to your regular expression. The following example shows what the first 4 groups look like when you want to split your user base into 32 groups.

Group1: (user.objectId -match "^0[0-7].*")

Group2: (user.objectId -match "^0[8-9a-f].*")

Group3: (user.objectId -match "^1[0-7].*")

Group4: (user.objectId -match "^1[8-9a-f].*")

...

For more information on dynamic Entra ID groups, see this Microsoft article.
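The rule pattern above can be generated and checked instead of typed by hand. The following Python sketch is an added example, not part of the Veeam documentation: it builds the rules for a chosen granularity (generalizing the 2-group and 32-group cases to other even splits of the 16 hex digits), picks a split that keeps the average group within the 2,000-user recommendation, and verifies that every objectId lands in exactly one group. The function names are hypothetical, the sample GUIDs are constructed, and matching on the lowercase GUID text is an assumption.

```python
import itertools
import random
import re
import uuid
from collections import Counter

HEX = "0123456789abcdef"
MAX_USERS_PER_POLICY = 2000  # recommended maximum stated on this page

def char_class(chars):
    """Render consecutive hex digits as a class, e.g. '89abcdef' -> [8-9a-f]."""
    runs = ([c for c in chars if c.isdigit()], [c for c in chars if c.isalpha()])
    body = "".join(r[0] if len(r) == 1 else f"{r[0]}-{r[-1]}" for r in runs if r)
    return f"[{body}]"

def build_rules(prefix_len=0, splits=2):
    """Return 16**prefix_len * splits rules that partition all objectIds."""
    if splits not in (1, 2, 4, 8, 16):
        raise ValueError("splits must divide 16 evenly")
    step = 16 // splits
    classes = [char_class(HEX[i:i + step]) for i in range(0, 16, step)]
    prefixes = ("".join(p) for p in itertools.product(HEX, repeat=prefix_len))
    return [f'(user.objectId -match "^{p}{c}.*")' for p in prefixes for c in classes]

def plan(user_count):
    """Pick the coarsest split whose average group size is within the maximum."""
    for prefix_len in range(0, 4):
        for splits in (1, 2, 4, 8, 16):
            groups = 16 ** prefix_len * splits
            if user_count / groups <= MAX_USERS_PER_POLICY:
                return build_rules(prefix_len, splits)
    raise ValueError("tenant too large for this scheme")

def group_sizes(rules, object_ids):
    """Count ids per rule; raise if any id matches zero or several rules."""
    patterns = [re.compile(re.search(r'-match "(.*)"\)$', r).group(1)) for r in rules]
    counts = Counter()
    for oid in object_ids:
        # Assumption: rules are evaluated against the lowercase GUID string.
        hits = [i for i, p in enumerate(patterns) if p.match(oid.lower())]
        if len(hits) != 1:
            raise ValueError(f"{oid} matched {len(hits)} rules")
        counts[hits[0]] += 1
    return counts

# Constructed sample: 20,000 random GUIDs standing in for user objectIds.
rng = random.Random(0)
SAMPLE_IDS = [str(uuid.UUID(int=rng.getrandbits(128))) for _ in range(20000)]
```

Because the distribution is only statistically even, run `group_sizes` against an export of the tenant's real objectIds and compare the largest group with the recommended maximum before assigning the groups to backup policies.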

Microsoft SharePoint

It is recommended to keep the number of SharePoint pages processed within a single backup policy lower than the recommended maximum.

SharePoint also offers Personal Sites for users. These sites may be considered as not intended for keeping important company data, which is why it is advised to check if they need to be protected or not. Depending on the number of Personal Sites within the organization, exclusion of Personal Sites from backup policies can drastically reduce the time and performance impact during backups.

Microsoft Throttling

During your initial full backup, Microsoft may throttle your traffic due to the high load of Microsoft Exchange data. To mitigate this, you can temporarily disable Microsoft Exchange throttling in the Microsoft 365 admin center. For detailed instructions on how to disable Microsoft throttling, see this Veeam KB article.

Even after Microsoft throttling is disabled, Microsoft still throttles traffic and limits processing to 150 MB for each mailbox every 5 minutes.

Executing Backup Policies

Do not run more than one or two backup policies at the same time. For example, you can have mailboxes and Teams backup policies running at the same time, because they process data of different applications. You must never have OneDrive and SharePoint backup policies running at the same time, because OneDrive is built on top of SharePoint.

Editing Backup Policies

For information on how to edit existing backup policies, see Editing Flex Backup Policies and Editing Express Backup Policies.

NOTE

When you add a new user to a backup policy, Veeam Data Cloud automatically attempts to add all child objects of the user data (Mailbox, Archive Mailbox, OneDrive, Personal Site) to the backup policy. If your backup policies are split into Exchange and Other items backups, you will need to edit the user and deselect the child objects you want to remove.