Considerations and Best Practices for M365 Data Protection

Mailbox Protection

Considerations

Review and understand the following considerations before you protect your Microsoft 365 Exchange Online data: 

• Restore can be done at the mailbox, folder, or item level. Currently, restoration at the Protection Group level is not supported.
• Restore for items in the same mailbox from different recovery points is not supported in the same recovery task. You need to create different restore tasks for different recovery points. 
• If the email already exists at the destination during the restore workflow, then the email is skipped. 
• Backup of mailbox and OneDrive for an individual user happens sequentially. However, backup of mailboxes and OneDrive belonging to different users happens in parallel.
• Backup or restore of calendar items, tasks, contacts, notes is not enabled by default.
• Converted-shared mailboxes are not backed up by default.
• The backup or recovery of Mailboxes, OneDrives, SharePoint Online Sites, and MS Teams are executed in parallel as long as there are enough resources on the Cohesity cluster. However, the backup or recovery operations are serialized for the Mailboxes and OneDrives that belong to the same user, and the operations execute in first-in-first-out order.For example, if the backup of a user's mailbox is in progress, then the backup of the user's OneDrive starts only after the backup of the mailbox completes.
• The Retirement of RBAC Application Impersonation in Exchange Online has no known impact on the Microsoft 365 Exchange Online Mailboxes, Teams, and Groups protection workflow on the Cohesity cluster.
• Conversation History/Team Chat folder is excluded during Exchange Online backup by default.

Best Practices

To protect your Microsoft 365 data, Cohesity recommends the following best practices:

• Set Retry Options to 1, as the Microsoft 365 connector already has the retry mechanism handling failed requests. There is no need to increase the value for this setting in the Cohesity Protection Policy.
• Use Auto Protect to avoid adding new users to the Protection Group manually.
• Avoid adding the same users in multiple Protection Groups.

OneDrive

Considerations

• Backup and restore of OneNote files in the OneDrive are not supported.
• Backup and recovery of the Recycle Bin in OneDrive is not supported.
• Backup of the mailbox and the OneDrive for an individual user happens sequentially. However, backup of mailboxes and OneDrive belonging to different users may happen in parallel.
• The backup or recovery of Mailboxes, OneDrives, SharePoint Online Sites, and MS Teams are executed in parallel as long as there are enough resources on the Cohesity cluster. However, the backup or recovery operations are serialized for the Mailboxes and OneDrives that belong to the same user, and the operations execute in first-in-first-out order. For example, if the backup of a user's mailbox is in progress, then the backup of the user's OneDrive starts only after the backup of the mailbox completes.
• The user list containing users with protected mailboxes show as protected when creating a Protection Group for OneDrive and vice-versa. 

Best Practices

To protect your Microsoft 365 data, Cohesity recommends the following best practices:

• Set Retry Options to 1, as the Microsoft 365 connector already has the retry mechanism handling failed requests. There is no need to increase the value for this setting in the Cohesity Protection Policy.
• Use Auto Protect to avoid adding new users to the Protection Group manually.
• Avoid adding the same users in multiple Protection Groups.

SharePoint Online

Considerations

• Only the list schema is backed up as part of the SharePoint online backup. The list items are not part of the SharePoint online backup. 
• SharePoint Online sites associated with a Microsoft Group or Microsoft Teams are not protected by default. 
• Backup and restore of OneNote files associated with the SharePoint Online sites are not supported. 
• Document libraries enabled with the ForceCheckout option are not restored. 
• Restore of sites with Out of the box (OOTB) modern theme or composed look is not supported. 
• Backup and restore of sites or subsites URLs with non-ANSI characters are not supported.
• Restore of a site collection is not supported if the site URL has changed after the backup. 
• In a document library, the documents in the initial version v1.0 and checked-out are not backed up. 
• By default, only the SharePoint Online sites created in the central storage location of your M365 tenant are discovered and protected. SharePoint Online sites created in satellite storage locations of your M365 tenant are not discovered and protected.
• Backup of checked-out files in SharePoint is not supported.

Best Practices

To protect your SharePoint Online data, Cohesity recommends the following best practices:

• In the Protection Policy, set Retry Options to 2 or 3, with a small interval between the retry attempts.
• Use Auto Protect to automatically include the newly added sites on SharePoint Online to the Protection Group.
• Avoid adding the same sites in multiple Protection Groups.

Teams

Considerations

• Channel conversations are not backed up.
• A Team must have at least one owner with a license and login-enabled for that owner.
• Alternate restore of multiple Teams is not supported. But, you can recover multiple Teams to the original Microsoft 365 domain.
• Restoring deleted private channels or private channels in a deleted team to the original location is not supported.
• Private channels are not restored as a part of the alternate restore.
• Recovery of the following Team data is not supported:
  • Channel Tabs
  • Team Apps
  • Public or Private Channel conversations or posts
  • Files that belong to system document libraries.
• System document libraries of the associated Teams sites are not backed up.
• Backup and restore of OneNote files associated with the Teams are not supported.
• If the private channel members are deleted from the channel but are still part of the Team or changed from owner to member, the private channel members are restored. However, if a member has changed to the owner, the change is retained after the restoration.
• The entities protected for Teams include the SharePoint sites associated with the Team.
• New Teams Channels created as part of the restore are created with the suffix: _coh<uniqueint>. Where _coh is appended to the channel name, and uniqueint is a random integer value.
• A new Team is created when you restore the deleted Teams to their Original Location. If the restore fails, you need to clean up the newly created team manually.
• Restoration fails if the group properties are not updated appropriately during restoration. In this case, you need to retry the restore.
• For alternate search and restore of Teams files, the new Teams Channels created as target Team Channels will be public channels.
• Suppose folders such as Feeds, Sync Issues, Legacy Archive Journals, Outbound, Managed Folders, Files, Yammer Root, Clutter, MeContact, and Archive, are not already present. In that case, these folders are skipped during restore.
• Backup and recovery of channel tabs are not supported.

Best Practices

To protect your Microsoft 365 Teams data, Cohesity recommends the following best practices:

• In the Protection Policy, set Retry Options to 2 or 3, with a small interval between the retry attempts.
• Use Auto Protect to automatically include the newly added sites on Microsoft 365 Teams to the Protection Group.
• Avoid adding the same sites in multiple Protection Groups.

Groups

Considerations

• Granular recovery of Group items is not supported.
• Restoring to an alternate Microsoft 365 domain is not supported.
• Using a Group recovery job, you can only restore only one Group.
• Recovering system document libraries (libraries that are present in the Group site by default - Site Assets, Style Library, Documents, and Form Templates) is not supported. You can recover only the non-system document libraries in a Group site.
• Cohesity does not support Groups data protection in a multitenant environment.
• Groups must have owners for the backups to function properly.

Best Practices

To protect your SharePoint Online data, Cohesity recommends the following best practices:

• In the Protection Policy, set Retry Options to 2 or 3, with a small interval between the retry attempts.
• Use Auto Protect to automatically include the newly added sites on SharePoint Online to the Protection Group.
• Avoid adding the same sites in multiple Protection Groups.