Use the Express Configuration Option in the Office 365 Guided Setup for Exchange Online

Updated

You can complete the Office 365 guided setup using the express configuration option, which automates some configuration steps.

After you create the Azure app that is needed for the Exchange Online app, the express configuration creates one or more Exchange Online service accounts for the Azure app, and then syncs and authorizes the Azure app with Azure. The service accounts have the ApplicationImpersonation and View-Only Recipients permissions. The number of service accounts that are created depends on the whether your environment uses modern or basic authentication:

  • Modern authentication: The express configuration creates 1 service account.

    The service account is used only for mailbox discovery and license computation, and you can remove the ApplicationImpersonation permission from the service account.

  • Basic authentication: For every 10,0000 mailboxes in the Exchange Online app, the express configuration creates 10 service accounts, and an additional service account for every additional 1,000 mailboxes. The maximum number of service accounts that are created is 25.

Verify That Ports Are Open

Disable Multi-Factor Authentication for the Global Administrator Account

  • To use the express configuration option, if multi-factor authentication is enabled for the global administrator account, you must disable it.

    For more information, see "Turn on Modern authentication for your organization" and "Turn off legacy per-user MFA" in Use Conditional Access Policies in the Microsoft documentation.

    After you complete the guided setup, you will enable multi-factor authentication again.

Go the Office 365 Guided Setup

  1. From the navigation pane, go to Guided setup.

    The Welcome page appears.

  2. On the Protect tab, click Office 365.

    The Office 365 setup appears.

Create a Server Plan That You Can Use for Exchange Online

If you already have a server plan that you can use, you can skip this step.

  • On the Create server backup plan page, specify the settings for a server plan that you can use for the Exchange Online app.

Settings

Steps

Plan name

  • Enter a name for the server plan.

Backup destinations

  1. Click Add.

    The Add backup destination dialog box appears.

  2. In Name, enter a name for the backup destination.

  3. From the Storage list, select the storage to use for the backups.

    If you selected storage that uses Distributed Storages, the Optimize for instant clone toggle key appears.

    By default, this setting is turned on to allow the associated Distributed Storage to optimize backups for clones, using Copy Data Management. To turn off the setting, move the Optimize for instant clone toggle key to the left.

    The setting does not apply to Hyperscale solutions that use Distributed Storage.

  4. For Retention period, enter the amount of time to retain the backups.

  5. To specify additional backups, such as weekly full backups, move the Extended retention rules toggle key to the right, and then add rules.

  6. Click Save.

RPO

  1. For Backup frequency, specify how often and when to run incremental backups.

  2. To run full backups, move the Add full backup toggle key to the right, and then specify how often and when to run full backups.

  3. For Backup window, specify when you want incremental backups to run.

  4. For Full backup window, specify when you want full backups to run.

Folders to back up

  1. To back up only some content, in Content to back up, enter the content to back up.

    By default, all content is backed up.

  2. To exclude folders or files from the backup, in Exclude - files/folders/patterns, enter the content to exclude.

  3. Specify whether to include the system state in backups:

    • To include the system state in all backups, select the Back up system state check box.

    • To include the system state only in full backups, select the Back up system state check box and the Only with full backup check box.

    • To use VSS (Volume Snapshot Service, also called Shadow Copy) to back up the system state, select the Use VSS for system state check box.

Snapshot options

  1. Specify how to retain snapshots:

    • To specify a number of jobs to retain on a snapshot copy, select Number of snap recovery points, and then enter the number of jobs to retain.

    • To specify a retention period, select Retention period, and then enter the amount of time to retain the jobs.

  2. To use the server plan for file indexing, move the Enable backup copy toggle key to the left to turn it off.

  3. For Backup copy frequency, enter how often to run backup copy jobs.

Database options

  1. For Log backup RPO, enter how often to run log backups.

  2. To use the disk cache of the logs to the MediaAgent for backups, do the following:

    1. Move the Use disk cache for log backups toggle key to the right.

    2. For Commit every, enter how often to commit the logs to the CommServe computer.

      Disk caching of database logs applies to the following agents: Informix, Microsoft SQL Server on Windows, Oracle, Oracle RAC, and SAP HANA .

Override restrictions

  • Leave the Allow plan to be overridden check box cleared.

Add an Office 365 App for Exchange Online

  • On the Add Office 365 app page, specify the settings for the Exchange Online app that will contain the mailboxes that you want to back up.

Settings

Steps

Service type

  • Select Exchange Online.

Name

  • Enter a name for the app.

Server plan

  • Select the server plan to use for mailboxes that you will add to the app.

Infrastructure settings

  1. To index, search, and perform analytics operations on backed-up data, for Index Server, select or create an index server.

    Important: If this is the first index server in your environment, create the index server here, in the guided setup, because it automatically adds the required roles. (If you create the index server in Manage > Infrastructure, you must manually select the required roles.)

  2. From the Access nodes list, select the access nodes to use for the app:

    • For normal availability, select 1 access node.

    • For high availability (which is recommended for the first full backup), select 2 or more access nodes, and then do the following:

      1. In the Shared job results path box, enter the UNC path to the network location that you want to stage backup jobs data in.

        Enter a path that is always accessible to the access nodes.

      2. For Account to access shared path, click Add, and then enter the credentials of an account that has Windows administrative privileges on all the access nodes.

        Note: After you add an app, you can add more access nodes to the app on the Configuration tab of the app page, in the Infrastructure settings section. Before you add access nodes, verify that Office365 package is installed on them.

Exchange connection settings

  1. From the Office 365 cloud region list, select the region that hosts Exchange Online:

    • If Exchange Online is not hosted in a national cloud, select Default (Global Service).

    • If Exchange Online is hosted in a national cloud, select the region.

      For All Regions (US GCC), select the default region.

      For US Government (US GCC HIGH), select the default region and add following registry keys on the access nodes:

  2. For Configuration mode, select Express configuration (Recommended).

  3. Enter the Office 365 global administrator account user name and password.

  4. Click Create Azure app.

    A Microsoft window displays all the permissions that are required to access the Azure app.

    If the browser pop-up blocker blocks the Microsoft window, allow access to the Microsoft window.

  5. At the bottom of the Microsoft window, click Accept.

    The Create app principal dialog box appears.

  6. In the Create app principal dialog box, for step 1, click the tenant admin URL.

    A Microsoft page appears.

  7. Complete all the steps in the Create app principal dialog box.

  8. Click Save.

Enable Multi-Factor Authentication for the Global Administrator Account

  • If you disabled multi-factor authentication for the global administrator account, enable it again.