Search This Blog

Saturday, June 25, 2022

Note Taking : Veeam Backup for Microsoft 365 Best Practice

This blog post is my note-taking on Veeam Backup for Microsoft 365  Best Practice.

Security & Hardening

Patching 

Latest Windows Operating system patching on all veeam components

Authentication

1. Use Modern app-only authentication

2. Modern authentication with legacy protocols allowed [limited]

Veeam components

1. Workgroup / Join to domain for all veeam components

2. Self-signed certificate might not be allowed by enterprise customers. Prefer PKI (Internal PKI or External (Public) Certificate

Data Separation

1. Backup Copy 

Can put on different cloud provider

Encryption

Additional security with at rest AES 256 encryption for Microsoft 365 data in object storage

Note: Password loss protection is NOT available

Self Service Restore Portal

1. Dedicate administrator to restore administrator 

2. Access Self-Service Restore Portal for recovery. Avoid login to VM