Skip to main content

Greetings everyone, for years I have been building scripts, tools, and dashboards regarding Veeam Backup for Microsoft 365 restore operations, just to quickly recap all the work over the years:

Don’t get me wrong, the experience was amazing, and seeing how many of you, and even beyond the Community, utilised these resources was really overwhelming and satisfactory.

But since then, we have been working tirelessly to bring this functionality, and much more regarding the topic, natively to the product.

Introducing Veeam Backup for Microsoft 365 - Restore Audit (powered by Veeam ONE)

Starting with Veeam Backup for Microsoft v8, and Veeam ONE v12.2, this functionality comes natively, and so far at no additional cost as Veeam ONE is free for those with MS365 licensing (just for M365 objects).

While building this set of features, the thought process was pretty much having Customers, Enterprises and Service Providers in mind. Use-cases like being able to filter by Organization was the paramount, but not just that, as well provide the required granular level on things like Alarm, where you can select individual Users/OneDrives/SharePoints, etc. Plus granularly filter by the restore type you want to alarm.

Key Features Simplifying Restore Audits

Intuitive Dashboard

As you can imagine, the first stop was to build something similar to what it can be achieved with Grafana, highlighting quickly which operators have been the most busy, plus what applications, and restore types happened within a given time period.

Perfect for NOC, SOC, and anyone showcasing this in kiosk mode:

An impressive, yet easy to consume, security and audit dashboard

Official link: https://helpcenter.veeam.com/docs/one/reporter/vbm_security_overview.html?ver=120

Real-Time Alarms

Fighting with the old way of getting real-time alarms, was the next logical step. The alarm should be granular enough to cover pretty much all the possible scenarios. It was challenging but we ended with a truly powerful alarm that surely will make SOC happy.

The alarm has the next filters:

  • Object type: Select among; Organization, Group, Users, Site, Team
  • Restore type: Select among; Save, Export, Send, Restore, View
  • Objects: A detailed selection, like in Veeam Backup for Microsoft 365 will appear
  • Severity: Mark this rule as Information, Warning or Error

As you can see, you can produce Alarm rules as detailed as you want. I truly encourage you to start creating some high severity alarms for your Board, and HR department restores, whilst keeping the rest as Information.

New Veeam Backup for Microsoft 365 v8 - Restore activity alarm

Do not forget that per every alarm, we can have different notifications. So for example we can have:

  • Alarm 1 - The Board and HR alarm, with any restore type, sending a Syslog to SOC, an email to Tier2 team, and creating a ServiceNow incident
  • Alarm 2 - An alarm for the rest of the Company objects, with any restore type, sending a Syslog to SOC, an email to Tier1 team.
  • Service Provider Alarm 1 - An alarm with all restore types happening in Company Tenant 3, sending an email to tenant3SOC@tenant3.com

Comprehensive Reporting

Finally, where everything conveys, the report. A hard copy proof of restores, who has done what, restore where, from what IP these restores had happened, etc.

The report was built with compliance in its mind, extremely granular, and with a lot of great information on the details page. Let’s take a look in detail:

The first page of the report is a great overview, with charts that will make the digest of the report much easier:

The second page of the report is an aggregation of restore sessions on a given time period, truly useful to see trends across dates:

The third page is where the meat is, extremely detailed set of restores, who has done what, from what IP address, have they used the Explorer, or the HTML Restore Portal, etc.

As an small, and amazing twist, I love that when we open a folder, and list the items, that action is still reflected as of course it discloses a great amount of data just seeing the subject, the from, and to, very nice!

Official link: https://helpcenter.veeam.com/docs/one/reporter/vbm_restore_operator_activity.html?ver=120

Closing thoughts

Having this level of functionality, at zero cost for Veeam Backup for Microsoft 365 v8 users, seems even too good to be true, but in this case it is!

As a Product Manager of Veeam ONE, all my team is very much looking forward for your feedback trying this functionality, comments, ideas, bugs (I hope zero), etc. Please let us know!

Wait, too much to read, I wanna see

Sure, for those that prefer a video format, I put together all my thoughts, comments, and I walk you, personally, through all of this here:

Thanks so much for reading this article

I am loving that roles are making their way to other products like VB365.  This detail is great Jorge and will come in handy once we upgrade.  Thanks for sharing this.  👍


Comment