To ensure that your Keepit backup is performed correctly and to avoid problems down the line, we recommend the following when setting up your Microsoft (Office) 365 account:
- Create a unique account for backup
Set up a dedicated Microsoft 365 service account to handle the backup. This will prevent future problems. For example, if the employee responsible for backup leaves the company, the backup account can be passed on to someone else.
We recommend you name the account and email as descriptively as possible (e.g., Keepit Backup / email@example.com). This will avoid confusion as this user will be made a member of all groups and private channels.
- Assign the Global administrator role
When creating the new service account, assign it the Global administrator role. This is necessary because only through a user with this role can Keepit obtain full access to data and thus include all data in the backup.
The Global administrator will automatically become a member of all groups and private channels that are being backed up.
If needed, it is possible to remove the Global admin role from the user used for the backup after a connector is created. For more information, see: Removing the Global admin role from the backup service account.
- Assign a license to the Global administrator
You must assign the Global administrator a license. This will ensure that all your data is properly backed up.
The license is also what grants the Global administrator access to Microsoft Teams, which in turn will allow the Keepit software to make the user a member of all Microsoft 365 Groups and Teams. This is vital because Keepit can only back up Microsoft 365 Groups that the Global administrator is a part of.
The Global administrator must also have a license for the backup of Public Folders.
The following license plans give the Global administrator access to Microsoft Teams: Business Essentials; Business Premium; Enterprise E1, E3, or E5; Enterprise E4 (for anyone who purchased this plan prior to its retirement). For more information about license plans, see: How do I get access to Microsoft Teams?
- Grant the Global administrator Owner level permissions
If you want to back up Public Folders, make sure that the Global administrator has Owner level permissions on all folders. If you have existing Public Folders, make sure to grant the Global admin Owner level permissions at the root level, as well as check that the Global admin has these permissions on all sub-folders down the entire hierarchy. If you create a new Public Folder, then simply make sure to set Owner permissions at the root level and all new sub-folders will automatically have the proper permissions.
- Create AD groups
Create dedicated groups of users from your Active Directory (your company directory in Microsoft). You will then be able to choose these AD groups in the Keepit configuration when selecting what accounts to back up, making it easy to configure the backup of multiple users at a time. This will also bring you more control over what users are being automatically added to the backup. For more information, see: Selecting users for Exchange and OneDrive backups
Keepit supports the backup of users in different types of Microsoft 365 groups, including unified groups, security groups, mail-enabled security groups, distribution lists, and dynamic groups. For more information about groups in Microsoft, see: Compare Groups.
In Microsoft 365, you can create groups by selecting Groups > Active groups in the left navigation pane, and then choosing Add a group. For a full guide on how to create groups, see: Create a group in Microsoft 365 admin center.