O365 Backup solutions. Which to choose?

If you have the time to invest in setting up VB365 that is the way to go as you could look at Wasabi for object storage or other vendors.  This is where I have the most expertise being an MSP.

Veeam Data Cloud would be another option with less administration and possibly the route to go.

MS solution I would not entertain.

The choice comes down to the time you have to invest and administer.

Hey Doug, 

from your three mentioned options i can only suggest Veeam Backup for Microsoft 365 and Veeam Data Cloud.

Many of our customers started with Veeam Backup for Microsoft 365. Depending on their needs and amount of data, some of them with local backup storage (jet-based). Meanwhile many of them migrated or already planning the migration from their backup data to object storage (Wasabi). For new customers we suggest to start direct with S3 object storage as a repository.

A few from our customers are already on Veeam Data Cloud. And as Chris mentioned, less administration for them (or even us 😥...).

Currently we are providing with these two products also a scenario where the administration is managed by us as a service provider.

Cheers, Markus

Hey 👋
 

Gonna kick this off by calling out any motives I could be assumed to have in steering your decision: I’m a solution engineer on the VDC:M365 team.

Within the Veeam eco-system, you have three choices:

• Deploying and maintaining your own VB365 platform
• Leveraging a third-party service provider’s VB365-based offering
• Leveraging Veeam Data Cloud

The costs vary between these offerings based on the way they are sold:

• VB365 requires you to pay for your licenses and then provide your own compute, networking, and storage (whether your own or via some form of public/private cloud). This is typically seen as cheaper but the costs of running, securing, and maintaining your own platform can result in higher operational costs depending on your organisation size and amount of data.
• Third-Party Service Providers will have their own cost models, typically these might be an “all-inclusive” license per user with unlimited storage, or a per-user license with a certain amount of storage attached which is pooled across your tenant, and charged for overages. These are some examples but every service provider will have their own pro’s and con’s in this regard. Knowing your tenant will allow you to get the best personal deal for your organisation. If you’ve got a lot of data, unlimited storage may make more sense for example.
• Veeam Data Cloud offers an unlimited storage model, licensed on a per user basis.

By leveraging a service provide or Veeam Data Cloud, costs of operating the platform are no longer your concern, and via the shared responsibility models you’d expect, Veeam or the service provider takes on responsibility for the uptime and security of that platform.

From a functionality perspective, all offerings are equal on the surface, they’re all utilising VB365 as the underlying engine, the difference in functionality boils down to a few things:

• Running your own VB365 server will allow you to utilise PowerShell and REST API interaction with your server, if you need this. Typically if you’ve got a very complex organisation structure and you need your backup jobs to be frequently manipulated manually, you can automate this.
• Using a service such as VDC or a third-party, you shouldn’t expect any API access, potentially some subset of REST API but definitely not PowerShell. However, because the service provider/VDC has access to the same PowerShell/REST APIs, it is possible for the service provider to layer their own features over the top of the base VB365 service by utilising these APIs, a great example of this is how VDC has its own powerful RBAC built in, and I’m sure other service providers have built their own functionalities too (I don’t have an exhaustive list of examples on that though!)

Data Freedom:

• With VB365 you can put your data on any supported storage, and copy to any other supported storage, you’ve got flexibility on immutability configurations, so you can comply with any complex regulatory needs for data storage, the drawback is you’re paying for that storage on either a CapEx or OpEx basis.
• Service providers typically won’t allow you to bring your own storage, as they’ll be offering you an SLA on their service, how can you support an SLA with components outside of your control? This means being happy with where the service provider is going to store your data. Another key point is whether if you have a change of heart or requirements, if the service provider will let you take your data with you, something that Veeam Data Cloud offers.

Just finally to touch on the “MS Solution”. Veeam Data Cloud Express & Premium options utilise the same APIs as this (Premium backs up data via the Graph API like VB365 normally does in addition). Microsoft 365 Backup stores immutable versions of data within the M365 trust boundary for rapid recoveries, at present there are some limitations such as a lack of MS Teams support, the inability to do granular recovery (you have to rollback your mailbox to the point in time selected), and compared to VDC Express/Premium, this is charged per GB vs our unlimited storage offering. Which is why VDC Premium offers both the traditional backup, and the rapid restores available by Microsoft 365 Backup Storage APIs.

That was a longer message than I intended to write, but hopefully it’s enough to give you a good idea of what’s important to you and where to go next. There’s a trial of VB365 available so you can always go play with that, or get a demo from VDC or one of our many service provider partners, and see what works best for you 🙂 I’m happy to answer any follow up questions too!

Another option to consider is Managed Backup-as-a-Service for Microsoft 365 from a Service Provider. This allows you to leverage the Service Provider’s expertise, ensuring that your backups are managed without any hassle on your end.

As a Service Provider, we offer our clients Backup-as-a-Service bundled with Cybersecurity by integrating Microsoft 365 tenants with our Cloud-based SIEM solutions, providing a comprehensive backup and cyber protection solution.

Yeah I’m going to jump on @Mohamed Ali’s back here. Full disclosure I work for the largest of the Veeam M365 BaaS partners and I’m the internal SME for all things M365 protection. First off I’ll say that unless you are a small organization you should not do M365 protection yourself in your own data center. 1, you want it on object storage which you most likely don’t have today on prem, 2, you want it close to the compute that will do the proxies and 3, you’ve already done the work to get that data out of your own datacenter in production, why would you bring it back on prem for data protection?

I’ll caution you that with both Microsoft Backup or VDC that data is never going to leave Microsoft’s cloud. While they are crossing boundaries in terms of compute stacks it’s still Entra ID at the top across production M365 and any data protection. Are you ok with that? Personally I prefer my data protection to be cross-cloud.

All I can say is “Wow” to these amazing responses. What great information not only for myself but anyone finding themselves asking the same question and looking for answers. This is what makes the Community great!

One of the main reasons for migrating from on-prem Exchange to O365 is ease of management and trying to reduce the maintenance, expense, and overhead of my hardware infrastructure. Also to reduce the complexity of on site backup and storage. I want to work smarter, not harder (also I’m inherently lazy)

@k00laidIT has some excellent points that are well worth considering. VDC seems a great option but the fact it’s backbone is the Azure stack and is reliant on MS for SLA makes me a bit nervous. 

A BaaS solution may be what I’m ultimately looking for, and not something I originally considered. Learned something there.

I know @coolsport00 wants me to check a best answer :-) but I’m sorry man, all are the best answer depending upon your scenario.

Thanks for the help!

• Doug

@PDXdoug - if there is no best answer then we can covert this to a discussion versus question.

@Madi.Cristil @safiya -- since Doug feels there is no best answer can we convert this to a discussion thread.

@PDXdoug there are some great benefits to sitting within Microsoft Azure however, firstly Azure is still global, so consider that there are many regions outside of the M365 data locations for your data to be stored. Secondly, by residing within Azure, you’re “on-net” within Microsoft’s backbone, if there was a major incident such as a DAG corruption event within Exchange Online that caused many customers to need to re-upload their data, you’d more likely hit a network limitation by peering into Microsoft from an external source, versus being within their network backbone already.

But finally, Microsoft 365 is a SaaS solution delivered globally, and some services don’t have any on-prem equivalent, so there is an expectation that Microsoft’s cloud survives in some way/shape/form, because you can’t restore the services elsewhere. If Microsoft 365 is down, regardless of where your data is located, you can’t recover until Microsoft 365 is back.

Some scenarios will ultimately make more sense to store data outside of Azure, as per my previous post, but storing data within Azure does not increase risk.

You’re right Chris, this should be a discussion thread.

My apologies if I incorrectly posted.

• Doug

No worries at all there.  Some times it is hard to know what to pick and Question is default too.  LOL 😂