Skip to main content

How can we help you?

Druva Documentation

Configure Druva inSync to protect Teams data

License editions: To understand the applicable license editions, see Plans & Pricing.

Before you begin

Before you begin, consider the following: 

  • Some of the Teams Metadata and Private Channel APIs are in Beta state.  See, Microsoft Graph API to work with Microsoft Teams
  • Before you initiate inSync configuration to protect Teams data, ensure that you have a Microsoft 365 global administrator account with a valid Microsoft 365 license.
  • If your organization uses Azure AD Conditional Access policies for authenticating and providing conditional access to users, the app configuration step adheres to these policies. For more information, see Support for Azure Active_Directory (AD) Conditional Access policies.
    If the conditions in the access policies are not satisfied, the token-based authentication fails "Microsoft 365 configuration failed" error.

Step 1: Provide inSync permissions to access Teams data

To begin with Teams data backup, you need to authorize inSync with Teams app data access. For procedure with screenshots, see Configure Druva inSync for Microsoft 365.

Once you initiate app configuration from the inSync Management Console, the application redirects you to the Microsoft 365 login page. Log in as a Global Administrator to review the requested app permissions and grant access to the app data. To know more about the requested permissions and their purpose, check the Microsoft 365 App Permissions for Druva App article. 

inSync communicates with Microsoft 365 services using OAuth 2.0, an open protocol for token-based authentication and authorization. For more information, see the OAuth website.

Step 2: Get data encryption key (ekey)

To ensure that the Microsoft 365 data that is backed up is secure, you must configure inSync to get the data encryption key(ekey).  inSync requires access to the ekey to initiate the scheduled backup of any Microsoft 365 app data. The ekey is used to encrypt the data when it is being backed up to the inSync Cloud. This is part of the digital envelope encryption process that Druva strictly adheres to. Druva does not store ekey of the users and has no access to the data.

Use one of the following methods to enable inSync to get the data encryption key(ekey):

  • inSync Connector: inSync Connector acts as a SaaS Apps connector to provide the ekeys without requiring users to have their devices connected for the SaaS Apps backup . See,  Integrate inSync user management with AD/LDAP
  • Key Management for SaaS Apps: The Cloud Key Management feature is a secured method to backup the SaaS Apps data and is an alternative method to the inSync AD Connector based deployment. See, Configure Cloud Key Management for Cloud Apps

Step 3: Configure Teams for backup and restore

You can configure Teams for backup and restore in the following ways:

  • Auto Configuration: Use this method to automatically detect any new Teams and to apply the global or same backup schedule to each of the newly discovered and configured Teams. 
  • Manual Configuration: 

The status of all the discovered Teams by default is set as Not Configured.  After configuration, the status is updated to Enabled. For more information about the status of discovered Teams, see Teams Status.

Auto configuration 

  1. In the Microsoft 365 Overview page, click Teams on the left pane.
  2. A lists all the discovered Teams is displayed.
  3. Click Auto Configuration and configure the following settings:
Field Description
Discovery and Storage settings
Auto discover teams for backup Select this check box if you want inSync to automatically discover new Teams added to the Teams setup of your organization. inSync runs the discovery process every 24 hours. This setting is enabled by default.
Auto Assign Storage Select this checkbox if you want inSync to automatically assign storage for any newly discovered Teams. It is mandatory for Teams to be assigned storage for inSync to back it up.
Select Storage

Displays all the configured storage regions. Select storage from the list. 

Note: Storage once assigned cannot be changed later.Backup Settings 

Backup settings
Backup frequency Select the frequency of backups for Teams. By default, the value is set to Once a Day.
Data Retention

Configure the daily, weekly, and monthly retention settings. For more information, see Configure the backup retention policy.

Manual configuration

  1. In the Microsoft 365 Overview page, click Teams on the left pane
  2. A lists all the discovered Teams is displayed.
  3. Click the Team that you want to configure for backup and restore. The  Configure Team Backup page update the following.
Field Description
Summary 
Team Name Displays the name of the Team.
Assign storage

Assign storage for backups.

Select storage from the drop-down list.

Storage once assigned cannot be changed later.

Backup Settings

Settings 

  • Use Default (Default)-Select this option if you want to apply the defined global Teams' settings for this Team. The settings are displayed and can't be edited. 
  • Custom - Select this option if you want to define custom settings for this team. This enables you to define a custom backup schedule for the selected Team. 

Backup frequency

Select the frequency of backups for Teams.

  • Select Use Default option to apply the default backup frequency set for Auto Configuration Settings.
  • Select the Custom option to set and apply the desired backup frequency for the selected Teams.

If you have selected Custom, then you have the option to select and set the desired backup frequency.

Note: For successful scheduled backups, ensure that the pre-requisites to backup SaaS Apps data are met.

Data Retention

Configure the daily, weekly, and monthly retention settings. For more information, see Configure the backup retention policy.

Data Lock

Note: Only Cloud Administrators can enable the Data Lock feature.

Enables the Data Lock feature. For more information, see Data Lock.

​​​​​To enable the Data Lock feature:

  1. Click Custom and under Data Lock, select the Enable Data Lock checkbox.
  2. On the confirmation window, click Yes.
     

On the summary page, the Data Lock status is displayed as enabled. These details will be captured in the Admin Audit Trail for auditing purposes. 

Note: Once you enable the Data Lock feature, you cannot:

  • Delete the snapshots.
  • Edit the retention period.
  • Disable the Data Lock setting.
  • Go back to default settings.​​​​

  • Was this article helpful?