Many companies breathe a sigh of relief once they have implemented a professional backup solution like Veeam Backup for Microsoft 365 for their Microsoft 365 environment. The assumption is: „Now our data is safe, and the backup topic is taken care of.“ However, it’s not that simple. Unlike traditional SaaS services, where the provider often bears full responsibility for the service, with Veeam Backup for Microsoft 365, a crucial part of the responsibility remains with the customer.’’
This means: Even though Veeam reliably handles the backup and recovery of your M365 data, you as the customer are responsible for the availability and integrity of the backup service itself. This includes maintaining and managing the underlying infrastructure (such as the backup VM), ensuring accessibility of the backup software, and guaranteeing the permanent availability of the backup files.
But it’s not just the actual backup data that deserves attention. A frequently overlooked but essential aspect is the backup job configurations. These settings define which data (e.g., mailboxes, SharePoint sites, OneDrive accounts, or Teams channels) is backed up, how often, and for how long. Different classifications and exceptions can be set: Some data is backed up more frequently or for longer periods, while others are explicitly excluded. These configurations determine the quality and level of detail of your backup – and should therefore be regularly backed up and well documented themselves.
Only in this way can you maintain control over your backup strategy and quickly restore your data protection as desired in the event of a system or configuration loss.
Best practices for securing the Veeam Backup for M365 server
In the official Best Practice Guide (Veeam Best Practices – VBM365 with VBR), Veeam recommends securing the server on which Veeam Backup for Microsoft 365 (VBM365) is installed using an image-based backup method.
Especially important: To ensure that the backup job is application-consistent, the backup should be performed with the support of the Microsoft VSS Writer. This guarantees that all application data—including running processes and configurations—are backed up consistently.
In addition, it is recommended to document all configurations (such as backup job settings, schedules, exceptions, etc.) thoroughly in a separate manual and to update this documentation promptly whenever changes are made.
PowerShell as an additional safeguard
Another best practice is to use PowerShell scripts for backing up and restoring the configuration. Veeam provides a wide range of cmdlets that make it easy to export configuration parameters and import them again if needed. The official documentation can be found here:
https://helpcenter.veeam.com/docs/vbo365/powershell/cmdlets.html?ver=8
With such scripts, you can conveniently back up the most important settings and restore them during a server rebuild.
What if no backup or documentation is available?
But what happens in an emergency if there is neither a backup of the VM nor up-to-date documentation and the VBM365 server fails? Basically, the backup data stored on the repository is not lost. It is easy to install a new VBM365 server and attach the existing backup repositories. The protected data can therefore still be accessed and used.
However, the backup jobs, schedules, and configurations usually have to be recreated and, if necessary, coordinated with the respective departments. But of course this is than time-consuming and prone to error.