Druva inSync enables organizations to minimize risks with full data visibility, access, and compliance monitoring by providing a comprehensive backup, recovery, and archival of Microsoft 365 apps data. IT administrators can easily search, collect and preserve data of users to support legal and compliance needs.
This guide helps inSync administrators quickly deploy Druva inSync to protect Microsoft 365 apps in their organization.
Supported Microsoft 365 apps
Druva inSync supports the following Microsoft 365 apps for protection:
- Exchange Online
- SharePoint Online
For detailed information on supported editions and the data is backed up for Microsoft 365 apps, see Support Matrix for Microsoft 365.
View video to configure inSync for Microsoft 365 backup
Use Druva inSync to protect Microsoft 365 apps
Druva inSync administrator with one of the following role can configure Druva inSync to protect Microsoft 365 data:
- Druva Cloud administrator
- inSync Cloud administrator
- Any inSync administrator with role and privileges to manage Cloud Apps
Step 1: Provide Druva inSync access to Microsoft 365 apps data
Druva inSync requires access to the Microsoft 365 tenant from which the user data should be backed up. Microsoft 365 global administrator must authorize Druva inSync to access the user data. Druva inSync requires specific permissions to access, backup, and restore the user data. To view the list of required permissions by Druva inSync, see:
Here is a quick overview of the Druva inSync access and configuration process:
You need a Microsoft 365 Global administrator account with a valid Microsoft 365 license to provide access to Druva inSync.
On the Druva inSync Management Console menu bar, click Data Sources > Cloud Apps. The Manage Cloud Apps page appears.
Select Microsoft 365 Cloud App, and then click Configure.
On the login page that appears, enter the tenant administrator's username and password for Microsoft 365, and then click Sign in.
On the next page that appears, click Accept to grant Druva inSync app the required permissions to access Microsoft 365 data. Druva inSync gets connected to Microsoft 365 data of all users in your organization.
After you provide the access to Druva inSync with Microsoft 365 app, you can use the Verify Configuration option to check if Druva inSync can access your tenant.
To verify the configuration:
On the inSync Management Console menu bar, click Data Sources > Cloud Apps.
On the Manage Cloud Apps page, select Microsoft 365, and then click Verify Configuration.
In the Verify Configuration dialog that appears, select a user.
Provide an email address in the Select a user field.
User Principal Name (UPN) is not supported at the moment.
Druva inSync recommends that you enter an organization's user email address to check if the configuration works instead of an administrator user.
When you select a user, Druva inSync performs the following checks as a part of verification:
App authentication: This step checks if Druva inSync can generate refresh tokens and access tokens for the application. This step detects changes related to Microsoft 365 permissions.
User and user’s endpoints existence: This step checks if the user exists at the Microsoft 365 end.
If any of the authentication steps fail, you are prompted with an error message. Click the error message to view the error details.
Step 2: Configure Druva inSync to backup Microsoft 365 app data
Enable Microsoft 365 app backup in profile
A profile in Druva inSync defines the backup settings, preferences, schedules and retention policy to protect the Microsoft 365 data. A profile can then be associated with the inSync user accounts whose data is backed up and protected based on the defined settings.
To configure a profile to backup Microsoft 365 app data, see Configure a Profile.
You can create a separate profile to backup each Microsoft 365 app.
To configure SharePoint Online, see Configure and manage SharePoint Online for protection.
Get user data encryption key(ekey)
To ensure that the Microsoft 365 data that is backed up is secure, you must configure Druva inSync to get the data encryption key (ekey).
inSync requires access to the ekey to initiate the scheduled backup of any Microsoft 365 app data. The ekey is used to encrypt the user data when it is being backed up to the inSync Cloud. This is part of the digital envelope encryption process that Druva strictly adheres to. Druva does not store ekey of the users and has no access to the data.
Use one of the following methods to enable Druva inSync to get the user data encryption key(ekey):
Configure Cloud Apps settings for Microsoft 365
Define the user attribute that you want Druva inSync to use to map user account to their Microsoft 365 app account.
- By default, inSync uses the email address of users to map users to their Cloud Apps account.
- Only inSync administrators with the Cloud administrator role can configure the user account access settings.
Step 3: Add Microsoft 365 app users to Druva inSync
To start the backup of Microsoft 365 app data of users, inSync administrator must add or create users in Druva inSync. Druva inSync supports the following methods to add or create new users:
If users are already created in inSync, assign the profile that you specifically created to manage Cloud App users. To manually assign a profile to a user, see Update the profile assigned to users.
Step 4: Manage backup, restore, and monitor Microsoft 365 apps
After adding users, Druva inSync automatically triggers the first backup of the configured user accounts and backs up the data as per the profile configuration.
Manual or on-demand backup
As an inSync Cloud administrator, you have an option to initiate an unscheduled backup of Microsoft 365 apps data as and when necessary.
Restore Microsoft 365 apps data
Restore of data ensures that the data is available for future reference and business continuity and can be retrieved in case of accidental deletion or malicious activities.
- As an inSync Cloud administrator, you can restore the Microsoft 365 app data using the inSync Management Console
Download Microsoft 365 apps data
inSync provides you with an option to download Microsoft 365 app data at custom locations such as laptop or desktop. You can perform a download of entire Microsoft 365 apps data or selective downloads of specific data residing within Microsoft 365 apps.
- As an inSync Cloud administrator, you can download the Microsoft 365 app data using the inSync Management Console