To ensure that your Keepit backup is performed correctly and to avoid problems down the line, we recommend the following when setting up your Office 365 account:
- Create a unique account for backup
Set up a dedicated Office 365 service account to handle the backup. This will prevent future problems. For example, if the employee responsible for backup leaves the company, the backup account can be passed on to someone else.
We recommend you name the account and email as descriptively as possible (e.g., Keepit Backup / firstname.lastname@example.org). This will avoid confusion as this user will be made a member of all Teams and Groups and an admin of all SharePoint Sites being backed up.
- Assign the Global administrator role
When creating the new service account, assign it the Global administrator role. This is necessary because only through a user with this role can Keepit obtain full access to data and thus include all data in the backup.
The Global administrator will automatically become a member of all Groups & Teams that are being backed up. The Global administrator will also be made a Site Collection Administrator of SharePoint sites included in the backup. And finally, the Global administrator will be made a Site Collection Administrator of users' OneDrives included in the backup.
Note: It is possible to manually remove the service account from a group or from the list of Site Collection Administrators. However, this should only be done if you need to switch accounts or are stopping the backup altogether.
- Assign a license to the Global administrator
You must also assign the Global administrator a license that grants them access to Microsoft Teams, which in turn will allow the Keepit software to make the user a member of all Office 365 Groups and Teams. This is vital because Keepit can only back up Office 365 Groups that the Global administrator is a part of.
The Global administrator must also have a license in order for Public Folders to be backed up.
The following license plans give the Global administrator access to Microsoft Teams: Business Essentials; Business Premium; Enterprise E1, E3, or E5; Enterprise E4 (for anyone who purchased this plan prior to its retirement). For more information about license plans, see: How do I get access to Microsoft Teams?
- Grant the Global administrator Owner level permissions
If you want to back up Public Folders, make sure that the Global administrator has Owner level permissions on all folders. If you have existing Public Folders, make sure to grant the Global admin Owner level permissions at the root level, as well as check that the Global admin has these permissions on all sub-folders down the entire hierarchy. If you create a new Public Folder, then simply make sure to set Owner permissions at the root level and all new sub-folders will automatically have the proper permissions.
- Create groups
If appropriate for your organization, create a dedicated group of users from your Active Directory (your company directory in Microsoft). You will then be able to choose these AD groups in the Keepit configuration when selecting what accounts to back up, making it easy to configure the backup of multiple users at a time. Keepit supports the backup of individual accounts in Office 365 Groups (also known as Unified Groups), Security Groups, and Distribution Lists. For more information about groups in Microsoft, see: Compare Groups.
In Office 365, you can create groups by selecting Groups in the left navigation pane, and then choosing Add a group. For a full guide on how to create groups, see: Create an Office 365 group in the admin center.
In Keepit, when configuring your backup you will see the groups you created under Select accounts for Office 365, in the AD Groups tab.