September 30, 2020
How to Back Up OneDrive for Business with NAKIVO Backup & Replication
OneDrive for Business is a reliable cloud storage service included in the Office 365 suite. However, Microsoft doesn’t provide any features to back up OneDrive data. Read more about built-in Office 365 features for OneDrive data recovery, Office 365 backup policies, and Advanced Threat Protection. But you need to know that these Microsoft policies and recovery functions may not be enough to recover your data when you lose files. Using third-party data backup software is recommended for everyone who stores data on local disks and in the cloud. Microsoft applies high security standards to protect users’ data. However, most data loss is caused by user error or malware on users’ workstations. Usually users back up data to OneDrive and think that it is not necessary to protect data stored in the cloud; however, data on OneDrive should also be backed up.
This blog post explains how to perform OneDrive for Business backup with NAKIVO Backup & Replication, a backup solution that can help you protect your Microsoft Office 365 data. With NAKIVO Backup & Replication you can back up OneDrive for Business and Exchange Online data, and recover the items you need when you need them. Configuration consists of the following steps:
- Configuring API permissions for NAKIVO Backup & Replication in the Azure portal
- Adding an Office 365 account of your organization to the inventory of NAKIVO Backup & Replication
- Creating a Backup Repository in NAKIVO Backup & Replication
- Creating and running a backup job
Configuring Permissions for a Backup Application
Before you begin, here’s what you need to perform a OneDrive backup in NAKIVO Backup & Replication:
- An Office 365 account for your organization
- The user account with administrator permissions for Office 365
- NAKIVO Backup & Replication v.10.1 or higher
In order to use NAKIVO Backup & Replication to perform OneDrive backup and recovery, you have to generate access IDs and configure API access for the backup application in the Azure portal. NAKIVO Backup & Replication uses Microsoft APIs for working with Office 365.
Open the web interface of the Azure portal by using the link:
Enter the credentials of the Office 365 administrator account (the email address and password). If two-factor authentication is configured for this account, you will also have to enter a confirmation code. In our example firstname.lastname@example.org is the Office 365 administrator account.
On the web page of the Microsoft Azure portal, click Azure Active Directory.
In this example, the Active Directory name is Nakivo. By default, the Default directory name is displayed for Active Directory in Azure.
The Register an application window opens.
Enter the name for the application that you are registering, for example, NAKIVO_10-1.
Supported account types. Who can use this application or access this API? Select the third option:
- Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).
Click the Register button. By proceeding, you agree to the Microsoft Platform Policies.
You will be redirected to Home > Nakivo > NAKIVO 10-1.
In the Overview section of this page, identifiers (IDs) are displayed. A Directory (tenant) ID and Azure (client) ID are generated when registering an Office 365 account in the Azure portal. Save these ID values in a safe place. You will need them later.
Our IDs are:
Application (client) ID: vv807d81-5e44-26e5-7621-dd5e21843a6a
Directory (tenant) ID: adb12933-1385-31a7-aa4f-b614511df15a
Object ID: 1d67c837-19e0-40e6-aef5-e7ef0537271a
Click View API permissions.
On the API permissions page, click Add a permission to add permissions for NAKIVO Backup & Replication, which is the backup application we’re using to back up Microsoft OneDrive for Business.
Hit Microsoft Graph to request API permissions. Microsoft Graph is a restful web API that is used to enable access to Microsoft cloud services and resources. After you register the app, you can make requests to the Microsoft Graph API.
On the next page in the Microsoft Graph section, click Application permissions.
You have to add the permissions listed in the table below to perform Office 365 backup and recovery, including OneDrive backup and recovery in NAKIVO Backup & Replication.
|Exchange Online||Mail>Mail.Read |
Backup and recovery of shared mailboxes
Backup and recovery
Backup and recovery
In our example, we add all the following permissions:
In the window with the list of API permissions for applications, open the appropriate categories and select these permissions. On the screenshot below, you can see how to select Files>Files.Read.All and Files>Files.ReadWrite.All permissions. When all the needed permissions are selected, click Add permissions.
We are redirected back to the API permissions page for our application (NAKIVO_10-1).
Click the three dots (…), then click Grant admin consent for Nakivo (the name of your directory can be different than Nakivo that is used in our case).
After adding the NAKIVO_10-1 application and adding the needed API permissions on the API permissions page, the status of the permissions is Not granted (see the screenshot below).
We need to change the status to Granted. In order to grant the status of permissions, we have to click the three dots (…), and hit Grant admin consent for Nakivo.
At this step, you will see the following question:
Do you want to grant consent for the requested permissions for all accounts in Nakivo? This will update any existing admin consent records this application already has to match what is listed below.
Hit Yes to confirm and grant permissions.
Now the status of API permissions for our backup application is changed to Granted for Nakivo.
Now we are ready to generate the Client secret ID.
In the navigation pane of the web interface of the Azure portal, select Certificates & secrets and click New client secret in the Client secrets section.
Define all needed parameters in the window that opens to add a client secret.
Description: Secret ID 10-1 (you can use a custom name)
Expires: In 2 years (the expiration limit can be used for security purposes)
The Secret ID is now displayed. Click Copy to clipboard and save this secret ID in the safe location. If you lose the secret ID, you will need to generate a new one.
Our client secret ID: @DhF4ah3eSj-cF-sJf40_HvhDE5AVbcH
Now we can move on to configuring NAKIVO Backup & Replication to perform OneDrive for Business backup.
Adding the Office 365 Account to the Inventory
We need to add the Office 365 account for our organization to the inventory of NAKIVO Backup & Replication.
Open the web interface of NAKIVO Backup & Replication in a web browser. Enter your username and password to log in.
Go to Settings > Inventory.
Click Add new and select Microsoft 365 account to add the Office 365 account of your organization.
In the Add New Microsoft 365 Account window, enter Tenant ID, Azure Client ID, and Azure Client Secret that you have saved from the Azure portal.
In our example, we’re using our IDs for NAKIVO_10-1.
Tenant ID: adb12933-1385-31a7-aa4f-b614511df15a
Azure Client ID: vv807d81-5e44-26e5-7621-dd5e21843a6a
Azure Client Secret: @DhF4ah3eSj-cF-sJf40_HvhDE5AVbcH
Now our Office 365 organization account is displayed in the Inventory of NAKIVO Backup & Replication. All Office 365 user accounts of our organization are added. The amount of used storage space, and the number of user mailboxes and OneDrives are displayed.
The following error may occur at this step:
The “Office365” (the account name) Microsoft 365 account is inaccessible.
The provided user account has insufficient permissions. Add API permissions for Microsoft 365 support.
If you see this error message, check the API permissions for NAKIVO Backup & Replication in the Azure Active Directory settings of the Azure portal.
Creating a Backup Repository
Now you should create a Backup Repository to store your Office 365 backups locally. In NAKIVO Backup & Replication, OneDrive backups require a special SaaS (software as a service) Backup Repository type that is used for Office 365 data backup in NAKIVO Backup & Replication.
Go to Settings > Repositories.
Click Add Backup Repository, then hit Create new backup repository.
- Type. Select Microsoft 365. Only this repository type can be used for Office 365 and OneDrive backup.
Hit Next at each step to continue.
- Name & Location. Enter the repository name, select the assigned Transporter and define the path to the local folder on the machine on which the selected Transporter is running and where the Backup Repository will be located.
Name: Office 365 repo
Assigned transporter: Onboard transporter
Path to the local folder: /opt/nakivo/repository (this is the default path)
- Options. Leave the “Detach this repository on schedule” checkbox unselected. It is not necessary to detach the repository on schedule in most cases. This option can be used to preserve data consistency when you need to disconnect a Backup Repository. Hit Finish to finish the Office 365 Backup Repository creation.
Now the Office 365 Backup Repository is created and you can see it in the Repositories tab. The number of existing backups in the Backup Repository and amount of free space are displayed. There must be more than 5 GB of free space in the Office 365 Backup Repository for it to work properly.
Creating a New OneDrive Backup Job
Everything is ready to create a backup job in NAKIVO Backup & Replication and run a OneDrive for Business backup.
Go to the home page. On the Dashboard, click Create and select Microsoft 365 backup job.
The New Backup Job Wizard for Office 365 opens.
- Sources. Select the accounts of Office 365 users in your organization that you want to back up. You can select Office 365 accounts for Exchange Online and OneDrive for Business separately by selecting the appropriate checkboxes. In our example, we are going to back up OneDrive for the Office 365 account of Michael Bose. You can use live search to find the needed items. Hit Next at each step of the wizard to continue.
- Destination. In the drop-down list, select the destination repository where you want to store your OneDrive backup. Only repositories of the Microsoft 365 type can be selected. Click a user name to expand the Advanced setup to specify different destination for each item/user.
- Schedule. Select scheduling options. If you don’t want to run this OneDrive backup job on schedule, select the “Do not schedule, run on demand” checkbox. Scheduling options for an Office 365 backup job in NAKIVO Backup & Replication are similar for different backup job types.
- Retention. Set the needed retention settings. These provided options allow you to use the GFS retention policy.
- Options. Define the job options. Enter the job name, for example, OneDrive backup job and define other job options. The length of a job name can be up to 50 Unicode characters. When all options are set, click Finish & Run, and select Run for all items.
Wait until the OneDrive backup job is finished. Time needed to finish the backup job depends on the amount of data to back up and the internet connection speed. You can see job progress on the main page and in the Activities tab.
How to Recover OneDrive Files
Let’s explain how to recover deleted files and folders in OneDrive for Business by using NAKIVO Backup & Replication. On the screenshot below, you see the web interface of OneDrive. The Documents folder and the test1.doc file were deleted after performing the OneDrive backup with NAKIVO Backup & Replication. We are going to recover these items with NAKIVO Backup & Replication by using the existing backup.
Open the web interface of NAKIVO Backup & Replication, go to Dashboard and click Recover > Microsoft 365.
The Object Recovery Wizard for Microsoft 365 opens.
- Backup. In the backup job, select the OneDrive account you want to recover from. As we backed up only one Office 365 account of Michael Bose for OneDrive, we select this account to recover from. If you backed up multiple Office 365 user accounts for Exchange Online and OneDrive for Business, they will also be displayed in the list of available accounts to recover from.
Once the needed account is selected, select the needed recovery point in the right pane. We select the oldest recovery point in our example.
Hit Next to continue.
- Recovery Account. Select the recovery account. We are going to recover OneDrive data to the same Office 365 account. The name of this Office 365 account in the Inventory of NAKIVO Backup & Replication is Office365 (the same one we added before).
- Objects. Select the needed objects from the account that you have selected at the previous step from the OneDrive backup. We select the Documents folder and the test1.doc file for the Office 365 user account of Michael Bose to recover.
- Options. Select the recovery job options to recover OneDrive for Business.
Recovery type. There are two options for recovery type:
- Recover to OneDrive
- Recover to original location
The Recover to OneDrive option provides an ability to recover OneDrive items to a custom Office 365 OneDrive for Business user account of your organization.
OneDrive. Select a user account whose OneDrive must be used to recover the data selected at the previous step. On the screenshot below, you can see that the name of the selected Office 365 user account is Automation08.
Overwrite behavior. There are three options:
- Rename recovered item if such item exists
- Skip recovered item if such item exists
- Overwrite the original item if such item exists
In our recovery job, we select the following options (see the screenshot below).
Recovery type: Recover to original location (selected files and folders will be restored to OneDrive of Michael Bose in our case)
Overwrite behavior: Rename recovered item if such item exists
Click Recover to start the OneDrive for Business recovery process.
The OneDrive for Business recovery process is started, the recovery job is running. The job status is displayed in the Activities tab of the web interface of NAKIVO Backup & Replication.
Once the recovery job is finished, open the web interface of OneDrive for your account and check files stored on OneDrive. On the screenshot below, you can see that selected items (the Documents folder and the test1.doc file) have been recovered to our Office 365 user account of Michael Bose and they are displayed in the web interface of OneDrive for Business for Michael Bose.
Despite the fact that Microsoft Office 365 OneDrive for Business is usually used to store backups, it is recommended to back up OneDrive itself. This blog post has covered OneDrive backup and explained how to back up OneDrive for Business data with NAKIVO Backup & Replication. Configuration consists of configuring API permissions for a backup application in the Azure portal including generating IDs that are required to add an Office 365 account to the Inventory of NAKIVO Backup & Replication, creating a Backup Repository and setting up a OneDrive backup job. Having a backup is the main point for successful recovery. The wide range of settings allows you to back up only needed user accounts and recover files from the Office 365 backup to a custom location. NAKIVO Backup & Replication is a universal data protection solution that supports backup to cloud, VMware vSphere backup, Hyper-V backup, and Office 365 backup including Exchange Online and OneDrive for Business to custom locations.