Synology Active Backup for Microsoft 365


Background

Following on from my three-part series on setting up a Synology NAS, I thought I would take a look at some of the other functionality on offer. Most apps available on Synology are free of charge, their Office 365 backup being one of them.

Now I was keen to see what this offered as part of my day job involves scoping and positioning paid-for Office 365 backup solutions. Can Synology do just as good a job for free?

I typically deal with two types of Office 365 backup product, SaaS-based, in that you log onto a webpage, point it to O365 and then it just sorts things out for you. Or something deployed in a virtual machine but can make use of both local storage and object storage.

SaaS backup typically is limited in customisation but usually does the job for 90% of people. Roll your own allows you to do what you want with your data in terms of backup frequency and storage location.

So where does the Synology offering sit in amongst those? When writing this article, it is more of a roll your own solution but you are tied into creating backups on the NAS device itself. I need to investigate if object storage offload is supported.

Deployment

I will run through the steps required to deploy and configure Office 365 backup on a Synology NAS as well as checking out the recovery options available.

Synology Office 365 backup package installation

Log onto the Synology NAS and open the package manager.

SynologyO365PT4_01

Find Active Backup for Microsoft 365 and click install.

SynologyO365PT4_02

Once installed click open.

SynologyO365PT4_03

The package needs to be activated. For this to work you will need to create a free Synology account.

SynologyO365PT4_04

Accept the privacy agreement.

SynologyO365PT4_05

This is where you create a Synology account if you don’t have one already.

SynologyO365PT4_06

Enter your details to create an account.

SynologyO365PT4_07

A verification code will be sent to your e-mail address, so you will need to use a legitimate e-mail account.

SynologyO365PT4_08

Agree to the T&C’s with Synology to create your account.

SynologyO365PT4_09

And you are done.

SynologyO365PT4_10

Back on the NAS, enter the details for your Synology account and click Activate.

SynologyO365PT4_11

And we are good to go.

SynologyO365PT4_12

Backup job creation.

If this is the first time that you have hooked the Synology O365 backup product into your Office 365 environment, you will need to run through some additional steps to authorise the application with Azure AD. I will run this process below.

Create a new backup task. You can link back an orphaned backup set to aid with recovery.

SynologyO365PT4_13

This is where we need to create the Synology application and authorise it with Azure AD. The link below takes us to this webpage, which is very comprehensive.

SynologyO365PT4_14

Here is a sample of the Synology knowledge base article with details instructions for Azure AD application registration.

SynologyO365PT4_15

One of the steps on the KB page asks to download the PowerShell script which automates a lot of the application registration process. It even checks if the Azure AD PowerShell tools are installed.

SynologyO365PT4_16

Once the PowerShell script has completed running, copy the URL I highlighted in red and log into Azure AD to authorise the API access for the Synology application to access Exchange Online, SharePoint Online, etc.

SynologyO365PT4_17

The other details requested below were generated when the PowerShell script was run. Paste the required ID’s in and import the certificate that was genertaed.

SynologyO365PT4_18

The next step is to create a shared folder on the NAS which will act as the backup location for the O365 backups.

SynologyO365PT4_19

Click to create a new shared folder.

SynologyO365PT4_20

Give the folder a name. I chose to hide the folder so no one would accidentally stumble across it.

SynologyO365PT4_21

You can encrypt the contents of the folder. I chose not to but would be worth considering.

SynologyO365PT4_22

There are some options to ensure data integrity.

SynologyO365PT4_23

And apply.

SynologyO365PT4_24

We can then check and change the default permissions on the folder. It can be locked down to a specific user.

SynologyO365PT4_25

Now we have a folder to target the backups to, we can edit the backup job to be more granular in which accounts are backed up and define backup schedules.

SynologyO365PT4_26

We can select which users to backup as well as what information type to backup. Interesting that we can backup archive mailbox as some SaaS providers do not allow this, but there is no Teams integration by the looks of it.

SynologyO365PT4_27

We can choose the default backup behaviour if a new user or SharePoint site is created. Below is the out of the box config.

SynologyO365PT4_28

Here we can set the backup schedule and how many iterations of file version history to keep. SharePoint and OneDrive for business keep previous versions of any files modified by default.

SynologyO365PT4_29

Click apply and then your done creating the job.

SynologyO365PT4_30

We have the option to run the backup now.

SynologyO365PT4_31

Backup job monitoring

When the job is running we can see the progress of the backup as below.

SynologyO365PT4_32

Once complete, we have a more complete overview of when backups have run and how many of each resource type are protected.

SynologyO365PT4_33

Backup recovery

Now for the most important part of any backup, the ability to recover data from it!

Synology offers another package called Active Backup for Microsoft 365 Backup Portal. Not so obvious from the name, but this is the portal where we manage recovery tasks. This can be opened to end users as well if self-service recovery is something you would like to offer.

SynologyO365PT4_34

 

E-Mail recovery

As an administrator, I have access to all the user accounts backed up from the O365 tenant. I chose myself from the drop-down list and then clicked on the options below to start the mail recovery process.

SynologyO365PT4_35

Then we can drill into the mailbox and use the slide bar at the bottom to scroll through a timeline of backups.

SynologyO365PT4_36

We can select a mail item to recover and either restore it to the mailbox or export the e-mail.

SynologyO365PT4_37

I chose to export the e-mail. It exports it in the familiar *.eml file format which can be opened by Outlook.

SynologyO365PT4_38

 

OneDrive recovery

In my OneDrive account, I have a very important document.

SynologyO365PT4_39

Launching the OneDrive recovery rather than E-mail, I can see the contents of the backup, which is my important document.

 

SynologyO365PT4_40

This document will be restored back to OneDrive.

SynologyO365PT4_41

Chose the users OneDrive account to restore to. Note the file will be restored to a newly created subfolder.

SynologyO365PT4_42

The restore shows as succesful.

SynologyO365PT4_43

Back in OneDrive we can see the newly created restore folder alongside the original document.

SynologyO365PT4_44

And in the folder is a copy of the Important Document.

SynologyO365PT4_45

And for quick auditing purposes, we can see what backup and restore tasks were performed.

SynologyO365PT4_46

Conclusion

The setup is straight forward and the basic backup and recovery workflow seems to work well. I can’t comment on how well this scales for a large O365 environment, but when I have spoken to Synology they have told me some organisations are using this to protect O365 tenants with tens of thousands of users, which is impressive. Again it would be interesting to see how this is configured as I know Microsoft impose throughput limits for accessing data in O365 when backing up. Some vendors work around this limitation by deploying multiple Azure AD applications with access to the O365 data and then proxying the backups across multiple apps to increase throughput.

For a free app though, I really can’t fault it and it worked flawlessly in the basic tests above.

 

 

 

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.