Add an Office 365 tenant

This section lists the steps needed to configure an Office 365 tenant for backup. Once you add an Office 365 tenant, you can configure backup schedules for your Azure AD objects, Exchange Online mailboxes, and SharePoint Online and OneDrive for Business sites.

Prerequisites:

Before you configure an Office 365 tenant, make sure that you satisfy the prerequisites listed below.

  • Ensure that you have a working internet connection.
  • If you plan to install the product in a system running Windows 7 SP1 or Windows Server 2008, ensure you have Microsoft .NET version 4.5 and PowerShell version 2 installed in the system.
    • To check if Microsoft .NET Framework is installed, open Command Prompt from Run. Enter the following command reg query
    • "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\full" /v version

      Check the displayed version. If the version is below 4.5 or if it’s not installed, install Microsoft .NET Framework 4.5 from here.

    • To check if PowerShell is installed, type PowerShell from Run. If PowerShell is installed, check for its version number by running the command $PSVersionTable.
      If the version is below 5.1 or if it’s not installed, install PowerShell V 5.1 from here.

      30">here
  • If multi-factor authentication is enabled for the administrator account that you will use to configure your tenant to RecoveryManager Plus, keep the app password handy and follow the steps listed here. If your organization restricts generation of app passwords, follow the steps listed here.

Adding Office 365 tenant with app password

  • Log into RecoveryManager Plus console as an administrator.
  • Click the Account Configuration button located at the top-right corner of the screen.
  • Select the Office 365 Tenant tab.
  • Enter the Account Name and Password of the Office 365 tenant. If you just want to back up Exchange Online mailboxes using RecoveryManager Plus, enter the account name and password of a user who’s a member of the Organization Management role group. If you want to back up your SharePoint Online and OneDrive for Business sites, enter the credentials of a user who’s a member of the Organization Management role group and is also assigned the SharePoint administrator role. The account name should be entered in the format account@company.onmicrosoft.com.
  • You can also use a service account that is a member of the Office 365 global admin role to configure your tenant with RecoveryManager Plus.

    Click the Test Connection link to check if the provided credentials are sufficient to establish a connection with the tenant.

    Note: If multi-factor authentication is enabled for the account used, provide the app password in the Password field.

  • If you use Modern Authentication in your Office 365 environment and Legacy Authentication is disabled, you’ll need the Client ID and Client Secret to configure your Office 365 account. To get your client ID and client secret, follow the steps listed here.
  • Note: If you want to backup your Azure AD using RecoveryManager Plus, select Modern Authentication and provide the client ID and secret.

  • Choose the Office 365 environment in which the tenant was created from the drop-down box.
  • Click Save to add the tenant.

Adding Office 365 tenant if generating app passwords are restricted

If the Microsoft 365 account you use is MFA-enabled or if generating app passwords is restricted by your organization, you need to use either Trusted IP or Conditional Access feature of Microsoft 365 to configure your tenant with RecoveryManager Plus.

Steps to configure trusted IPs

  • Login to portal.azure.com using your global admin credentials.
  • From the left-pane, select Azure Active Directory → Security → MFA.
  • Click on the Additional cloud-based MFA settings option.
  • In the new window that opens, navigate to the trusted IPs section.
  • Select the Skip multi-factor authentication for requests from federated users on my intranet option.
  • In the text box, enter the IP address of the machine in which you have installed RecoveryManager Plus.
  • Click Save.

Steps to configure conditional access

When you configure conditional access in Microsoft 365, you can exclude the users of RecoveryManager Plus from having to undergo multi-factor authentication even if MFA is in force for everyone else in your organization.

Note: To use conditional access, you must have at least Azure AD Premium P1 license.

  • Login to portal.azure.com using your global admin credentials.
  • From the left-pane, select Azure Active Directory.
  • From the left-pane, select Security → Protect → Conditional Access.
  • Select New Policy.
  • Provide a name for the policy.
  • Click on Users and groups.
  • Select the Exclude tab.
  • Select the Users and groups check box, and choose the RecoveryManager Plus users for whom MFA must not be enforced.
  • Click Select.
  • Under Access controls section, click Grant.
  • Select Grant access radio button, and Require multi-factor authentication check box.
  • Click Select.
  • Click Create and then Save.

Once you have configured trusted IPs or conditional access,

  • Log into RecoveryManager Plus console as an administrator.
  • Click the Account Configuration button located at the top-right corner of the screen.
  • Select the Office 365 Tenant tab.
  • Enter the Account Name and Password of the Office 365 tenant. Use the credentials of an administrator with the global admin role. The account name should be entered in the format "account@company.onmicrosoft.com".
  • You can also use a service account that is a member of the Office 365 global admin role to configure your tenant with RecoveryManager Plus.

    Click the Test Connection link to check if the provided credentials are sufficient to establish a connection with the tenant.

  • If you use Modern Authentication in your Office 365 environment and Legacy Authentication is disabled, you’ll need the Client ID and Client Secret to configure your Office 365 account. To get your client ID and client secret, follow the steps listed here.
  • Note: If you want to backup your Azure AD using RecoveryManager Plus, select Modern Authentication and provide the client ID and secret.

  • Choose the Office 365 environment in which the tenant was created from the drop-down box.
  • Click Save to add the tenant.

Once you have added an Office 365 tenant, you can view the following information.

  • The name of the Office 365 tenant.
  • The account used to configure the Office 365 tenant with RecoveryManager Plus.
  • The status of the modules (Azure AD, SharePoint Online & OneDrive for Business, and Exchange Online) configured for backup. If you have not configured the module, you can do so directly from here.

Modify an existing Office 365 tenant

Once you have added an Office 365 tenant, you can modify/edit its details or delete it.

  • To refresh a tenant and fetch the most recent configurations, click the icon-refresh icon located in the actions column of the tenant.
  • To edit an existing tenant, click on the icon-edit icon located in the action column of the desired tenant.
  • To delete an Office 365 tenant, click on the icon-delete icon located in the action column of the desired tenant.
Get download link