Microsoft 365 Backup is now in Preview


Microsoft 365 Backup is currently in preview and will begin rolling out to organizations in early 2024. You can set up billing for the product as described in Set up Microsoft 365 Backup. Once Microsoft 365 Backup has been deployed and is available for use in your tenant, you’ll see it in the Microsoft 365 admin center page under Settings.

During the preview period, performance and speed of web interfaces, initial configuration, and restores might be slower than expected as we scale up our infrastructure to remove undesirable latency from our system.

Business continuity assurance is a top-of-mind concern for many companies. Microsoft 365 Backup delivers business continuity peace of mind by providing performance and confidence in reliable restores. When evaluating a backup and restore offering, what really matters isn’t solely the backup, but the ability to restore your data to a healthy state quickly when you need to do so. Recovering large volumes of content is difficult when data has to be copied at scale from a remote, air-gapped location, which can take weeks or even months to get your business back up and running.

In cases of a ransomware attack that encrypts large swaths of your data, or instances of an internal accidental or malicious data deletion or overwrite event, you need to be able to get your business back to a healthy state as soon as possible. This is what the Microsoft 365 Backup product offers, both through the Microsoft 365 admin center, as well as via third-party applications built on the Microsoft 365 Backup Storage platform.

To summarize, applications built on top of the Microsoft 365 Backup Storage platform deliver the following benefits regardless of the size or scale of the protected tenant:

  • Fast backup within hours
  • Fast restore within hours (see performance targets later in this article)
  • Full SharePoint site and OneDrive account restore fidelity, meaning the site and OneDrive are restored to their exact state at specific prior points in time via a rollback operation
  • In the future, roll forward granular file-level restores in OneDrive and SharePoint
  • Full Exchange mailbox item restores or granular item restores using search
  • Consolidated security and compliance domain management

Walk through an overview of Microsoft 365 Backup here

Architecture

Microsoft 365 Backup provides ultra-fast backup and restore capabilities by creating backups within the protected services’ data boundaries.

Microsoft 365 Backup provides uniquely fast recovery from common business continuity and disaster recovery (BCDR) scenarios like ransomware or accidental/malicious employee content overwrite/deletion. Additional BCDR scenario protections are also built directly into the service. For example, OneDrive, SharePoint, and Exchange Online provide replicated copies of your data across geographically disparate datacenters to automatically protect against physical disasters and automatically fail over to live active copies seamlessly without the need for end customer intervention.

Our backups are protected from malicious overwrites because OneDrive, SharePoint, and Exchange use Append-Only storage. This means that SharePoint can only add new content blobs and can never change old ones until they’re permanently deleted. The Exchange items are backed up in an immutable manner and can’t be accessed by a client process (such as Outlook, OWA, or MFCMAPI). This process ensures that items can’t be changed or corrupted after an initial save, protecting against attackers that try to corrupt old versions. For more information about the built-in service and data resiliency, see SharePoint and OneDrive data resiliency in Microsoft 365 and Exchange Online data resiliency in Microsoft 365.

Key architectural takeaways:

  • Data never leaves the Microsoft 365 data trust boundary or the geographic locations of your current data residency.
  • The backups are immutable unless expressly deleted by the Backup tool admin via product offboarding.
  • OneDrive, SharePoint, and Exchange have multiple physically redundant copies of your data to protect against physical disasters.

Overview of Microsoft 365 Multi-Tenant Organizations (Preview)


Microsoft has introduced multitenant organizations, a new Entra ID solution that’s available in preview.

The multitenant organization capability is designed for organizations that own multiple Microsoft Entra tenants and want to streamline intra-organization cross-tenant collaboration in Microsoft 365. It’s built on the premise of reciprocal provisioning of B2B member users across multitenant organization tenants.

Collaboration in Microsoft 365 is built on the premise of reciprocal provisioning of B2B identities across multitenant organization tenants.

Members Not Guests

When Entra ID synchronizes accounts from a source tenant to a target tenant, it creates the entries in the target tenant as member accounts, not guest accounts. If you examine the properties of a synchronized account, you can see that the user principal name looks like a guest account but the user type is the same as a regular user account.
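Because these accounts carry a Member user type, any inventory or review that selects external users by user type alone will not list them. The following is an added example, not code from the original post or from Microsoft: it classifies accounts in a user export and reports the external accounts typed as Member. The sample data, tenant names and function names are constructed; the field names follow the Microsoft Graph user object, and the `#EXT#` marker is the standard form of an external account's user principal name.

```python
import json

# Constructed sample shaped like a Microsoft Graph /users response.
# Tenants, domains and names are made up for illustration.
SAMPLE_EXPORT = json.dumps({"value": [
    {"userPrincipalName": "alice@contoso.example", "userType": "Member",
     "mail": "alice@contoso.example"},
    {"userPrincipalName": "bob_fabrikam.example#EXT#@contoso.onmicrosoft.com",
     "userType": "Member", "mail": "bob@fabrikam.example"},
    {"userPrincipalName": "carol_partner.example#EXT#@contoso.onmicrosoft.com",
     "userType": "Guest", "mail": "carol@partner.example"},
    {"userPrincipalName": "dave_ops_fabrikam.example#EXT#@contoso.onmicrosoft.com",
     "userType": "Member", "mail": None},
]})

EXT_MARKER = "#EXT#"

def home_domain(upn):
    """Best-effort home domain from an external-style UPN, else None."""
    idx = upn.upper().find(EXT_MARKER)
    if idx < 0 or "_" not in upn[:idx]:
        return None
    # The home address has '@' rewritten to '_'. Domain names do not contain
    # underscores, so the last '_' marks the local-part/domain boundary.
    return upn[:idx].rsplit("_", 1)[1].lower()

def classify(user):
    """Return 'b2b-member', 'guest' or 'native-member' for one user object."""
    external_upn = EXT_MARKER in user.get("userPrincipalName", "").upper()
    user_type = (user.get("userType") or "").lower()
    if external_upn and user_type == "member":
        return "b2b-member"      # external UPN, but treated as a member
    if external_upn or user_type == "guest":
        return "guest"
    return "native-member"

def b2b_member_report(export_json):
    """Return (upn, home_domain, mail) for every external account typed Member."""
    users = json.loads(export_json)["value"]
    return [(u["userPrincipalName"], home_domain(u["userPrincipalName"]), u.get("mail"))
            for u in users if classify(u) == "b2b-member"]

if __name__ == "__main__":
    for upn, domain, mail in b2b_member_report(SAMPLE_EXPORT):
        print(f"{domain or '?':<20} {mail or '-':<24} {upn}")
```

Grouping the report by home domain gives a quick check that every B2B member comes from a tenant you expect to be part of the multitenant organization.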

Side-by-side multitasking and cross-tenant notifications

With the new Teams client, users can now work across multiple tenants and accounts in side-by-side windows. They can join a meeting or collaborate in a channel hosted in another tenant, and simultaneously compose chat messages in their own tenant. Users can receive cross-tenant notifications for all accounts and tenants added to the Teams client, no matter which one is currently in focus.

Limitations for multitenant organizations in Microsoft 365 preview

The following are limitations of the multitenant organizations in Microsoft 365 preview:

  • A maximum of five tenants in the multitenant organization is supported.
  • A maximum of 100,000 users per tenant is supported.
  • Teams on the web, Microsoft Teams Rooms (MTR), and VDI/AVD aren’t supported.
  • The ability to grant or revoke permission to receive notifications from other tenants and to switch between tenants isn’t supported on mobile.
  • People in your organization links may not work for users from another tenant if their account had originally been a guest and they had previously accessed SharePoint resources.
  • It might take up to seven days for a user to appear in search once they’ve been synchronized. Contact Microsoft support if users aren’t searchable after seven days.
  • Support for a guest UserType of member in Power BI is currently in preview. For more information, see Distribute Power BI content to external guest users with Microsoft Entra B2B.

If you want to add more than five tenants or 100,000 users per tenant, contact Microsoft support.

Cross-tenant synchronization in Microsoft Teams:

  • Cross-tenant synchronization is a one-way process. This means that users from the source tenant are synchronized to the target tenant, but not the other way around.
  • Synchronized users have their own account in the target tenant. This means that they have their own profile, mailbox, and Teams chat history.
  • Synchronized users can access Teams in the target tenant. They can chat with other users, join teams, and participate in meetings.
  • Synchronized users cannot access other Microsoft 365 services in the target tenant. This is because they are not considered to be full members of the target tenant.

The basic issue here is that the original cross-tenant synchronization mechanism wasn’t tailored to support Microsoft 365 apps. The MTO (Multi-Tenant Organization) is explicitly engineered to support Microsoft 365, so it appears (from initial tests) that the user objects synchronized to another tenant a) appear in the GAL and b) are routable because their SMTP mail address is valid.

In the next post we will go deeper on how to configure MTO step by step. Stay tuned for more goodies …