Veritas Alta™ SaaS Protection Administrator's Guide

Last Published:
Product(s): Veritas Alta SaaS Protection (1.0)
  1. Section I. Introduction to Veritas Alta™ SaaS Protection
    1. Introduction to Veritas Alta™ SaaS Protection
      1.  
        About Veritas Alta™ SaaS Protection
      2.  
        Features of Veritas Alta™ SaaS Protection
      3.  
        Tenant hosting methods
      4.  
        Architecture of Veritas Alta™ SaaS Protection
      5.  
        Services and utilities
  2. Section II. Administration
    1. Administration portal
      1.  
        About the Administration portal
      2.  
        System page
      3.  
        Analytics page
    2. General administrative tasks
      1.  
        Configuring system
      2.  
        Configuring the Administration portal
      3.  
        Viewing upgrade history
      4. Viewing licensing details
        1.  
          License page - SKU based
        2.  
          License page - Usage based
  3. Section III. Manage backups (connectors)
    1. Overview
      1. About backup jobs (connectors)
        1.  
          Supported SaaS applications for backup and restore
      2. Overview for adding backup jobs (connectors)
        1.  
          Configuring the general settings
        2. Configuring the capture scope
          1.  
            Filtering users based on Entra ID (Azure AD) extended attributes
          2.  
            Filtering users based on Entra ID (Azure AD) group membership
          3.  
            Filtering folders
        3. Configuring credentials
          1.  
            Configuring credentials using the Manual mode
          2. Configuring credentials using the M365 App Registrations mode
            1. Assigning apps to connector
              1.  
                Statuses of the Microsoft 365 registered apps
            2.  
              Granting admin consent manually
            3.  
              Granting multiple admin consents using the App Consent Grant utility
          3.  
            Recovery of Microsoft 365 apps
        4.  
          Configuring the Custom backup policy
        5. Configuring Delete and Stub policies
          1.  
            Points to consider when configuring policies for SharePoint environments
        6.  
          Scheduling the backup job
      3. Apps Consent Grant utility
        1.  
          Prerequisites to download and install the services and utilities
        2.  
          Post-installation activities for the Apps Consent Grant utility
        3.  
          Downloading services and utilities
        4.  
          Installing or upgrading services and utilities
    2. Backup Exchange Online mailboxes
      1.  
        Supported Exchange Online data for backup and restore
      2. Adding connectors for Exchange Online data
        1. Configuring the capture scope for Exchange connectors
          1.  
            Configuring the capture scope to back up mailboxes of all users
          2.  
            Configuring the capture scope to back up mailboxes of all users using the Rolling mailbox scope option
          3.  
            Configuring the capture scope to back up the mailboxes of users using the Alphabetical mailbox scope option
          4.  
            Configuring the capture scope to back up the mailboxes of specific users only
          5.  
            Configuring the capture scope to back up mailboxes from specific domains only
          6.  
            Configuring the capture scope to back up Group/Teams mailboxes
          7.  
            Configuring the capture scope to back up Public folders
      3.  
        API permissions for the Exchange Online
    3. Backup SharePoint Online
      1. Supported SharePoint Online sites and data for backup and restore
        1.  
          Supported settings and column types at site collections, site, and list level
        2.  
          Supported sites and list templates
        3.  
          Supported permission objects
      2. Adding backup jobs (connectors) for SharePoint Online sites and data
        1. Configuring the capture scopes for SharePoint connectors
          1.  
            Configuring the capture scope to back up all SharePoint site collections
          2.  
            Configuring the capture scope to back up specific SharePoint sites only
          3.  
            Configuring the capture scope to back up only specific sites using the Rolling site collection scope option
      3.  
        API permissions for SharePoint, OneDrive for Business, and Teams Sites Collections
      4.  
        Limitations for SharePoint Online backup
    4. Backup Teams Sites collections
      1.  
        Supported Teams site collection data for backup and restore
      2. Adding backup jobs (connectors) for Teams site collections and data
        1. Configuring the capture scopes for Teams site connectors
          1.  
            Configuring the capture scope to back up all Team site collections
          2.  
            Configuring the capture scope to back up specific Team sites only
          3.  
            Configuring the capture scope to back up only specific Team sites using the Rolling site collection scope option
      3.  
        Limitations for Teams site collections backup
    5. Backup OneDrive for Business
      1.  
        Supported OneDrive for Business data for backup
      2. Adding a backup jobs (connector) for OneDrive for Business data
        1. Configuring the capture scope for OneDrive for Business connectors
          1.  
            Configuring the capture scope to back up all OneDrive site collections
          2.  
            Configuring the capture scope to back up specific OneDrive sites only
          3.  
            Configuring the capture scope to back up only specific OneDrive sites using the Rolling site collection scope option
    6. Backup Teams chats
      1.  
        Supported Teams chat data for backup
      2. Adding a backup jobs (connectors) for Teams chats
        1.  
          Configuring the capture scope for Teams chat connectors
      3.  
        API permissions for Teams chat
      4.  
        Limitations for Teams chat backup
    7. Backup Audit logs
      1.  
        Adding backup jobs (connectors) for O365 Audit logs
    8. Backup Google Drive data
      1.  
        Prerequisites to add Google Drive connector
      2.  
        API permissions for Gmail and Google Drive
      3.  
        Supported Google Drive data for backup and restore
      4. Adding backup jobs (connectors) for Google Drive data
        1.  
          Configuring the capture scope for Google Drive connectors
      5.  
        Limitation for Google Drive data backup
    9. Backup Gmail data
      1.  
        Supported Gmail data for backup and restore
      2. Adding backup jobs (connectors) for Gmail data
        1.  
          Configuring backup scopes for Gmail data
    10. Backup Salesforce data
      1.  
        About the Salesforce connector
      2.  
        Prerequisites to add Salesforce connectors
      3.  
        Adding connectors for Salesforce Data and Metadata
      4.  
        Uploading a certificate to the Salesforce organization
      5.  
        Limitations of Salesforce data backup
      6.  
        Salesforce Objects not supported for backup
    11. Backup Entra ID (Azure AD) objects
      1.  
        Supported Entra ID objects for backup and restore
      2.  
        Adding backup jobs (connectors) for Entra ID (Azure AD)
      3.  
        Limitations for backup and restore
    12. Backup Box data
      1.  
        Prerequisites to add Box connectors
      2.  
        Supported Box data for backup and restore
      3. Adding backup jobs (connectors) for Box data
        1.  
          Configuring backup scopes for Box data
      4.  
        Limitations for Box data backup
    13. Backup Slack data
      1.  
        Adding backup jobs (connectors) for Slack data
      2.  
        Limitations
    14. Backup EML data
      1. Backup Email/Messages
        1.  
          Prerequisite
        2.  
          Adding backup jobs (connectors) for EML/Messages data
    15. Managing backup jobs (connectors)
      1.  
        Performing on-demand backup
      2.  
        Running Delete and Stub policies for SharePoint Online data
      3.  
        Scheduling a backup job
      4.  
        Editing connectors
      5.  
        Deleting connectors
    16. Backup jobs (connectors) statuses
      1.  
        Viewing backup jobs (connectors) statuses
      2.  
        Backup statuses
    17. Browsing the backed-up data
      1.  
        Browsing backed-up data
    18. Events
      1.  
        Viewing backup events
      2.  
        About Event suppression
      3.  
        Creating event suppression rules
  4. Section IV. Manage restores
    1. About restore
      1.  
        About restore
    2. Prerequisites for data restore
      1.  
        Prerequisites for data restore
    3. Restore dashboard
      1.  
        About the Restore dashboard
      2.  
        Restore job statuses
      3.  
        How to cancel the restore job?
      4.  
        View the restore events
    4. Restore Exchange Online mailboxes
      1. Restore Exchange Online mailboxes
        1.  
          Supported Item Class for restore
    5. Restore SharePoint Online data
      1.  
        Restore SharePoint/OneDrive/Teams site data and sites
      2.  
        Recovery process and restore location options
      3.  
        Recovery of OneDrive, Microsoft 365 Group, and Microsoft Teams sites
      4.  
        Stub restore behavior
      5.  
        Permissions restore
      6.  
        Restrictions for restore of SharePoint Online data and sites
      7.  
        Limitations for restore of SharePoint Online data and sites
    6. Restore Teams chats and Teams Channel conversations
      1.  
        Restore Teams chats and Teams channel conversations
      2.  
        Limitations of Teams chat data restore
    7. Restore Audit logs
      1.  
        Restore O365 audit logs
    8. Restore Box data
      1.  
        Restore Box data
      2.  
        Limitations for Box data restore
    9. Restore Google Drive data
      1.  
        Restore Google Drive data
      2.  
        Limitation for Google Drive data restore
    10. Restore Gmail data
      1.  
        Restore Gmail data
    11. Restore Salesforce data and Metadata
      1.  
        About Salesforce Data and Metadata restore
      2.  
        Restore Objects to the same or another organization
      3.  
        Restore specific Records to the same or another organization
      4.  
        Restore specific Records to the same or another organization (using query filters)
      5. Restore Salesforce Metadata to the same or another organization
        1.  
          Limitations of Salesforce Metadata backup and restore
      6.  
        Sequence for manual restoration of deleted custom object attributes
      7.  
        Limitations of Salesforce data restore
      8.  
        Salesforce Objects not supported for restore
    12. Restore Entra ID objects
      1. About restoring Entra ID (Azure AD) objects and records
        1.  
          Permissions requirement
      2.  
        Best practices to restore Entra ID objects
      3.  
        Restoring an Entra ID object
      4.  
        Restoring specific records within Entra ID objects
    13. Restore Slack data
      1.  
        Restore Slack data
    14. Restore data to File server
      1.  
        Restore data to File server
    15. Restore options
      1.  
        Set the default restore point
      2.  
        Selecting items to restore (all or point-in-time)
      3.  
        Overwrite restore behavior for Exchange Online data
      4.  
        Overwrite restore behavior for SharePoint Online
      5.  
        Overwrite restore behavior for Box data
      6.  
        Configuring email addresses for notifications
  5. Section V. Manage data sharing
    1. Share data
      1.  
        Sharing data with other users
      2.  
        Removing admin shares
  6. Section VI. Manage data downloads
    1. Download data
      1.  
        Downloading an item
  7. Section VII. Manage Stors (Storages)
    1. Manage Stors (Storages)
      1.  
        Viewing Stors (Storages)
      2.  
        Requesting a new Stor
      3.  
        General tab
      4.  
        Metadata tab
      5.  
        Statistical policies tab
      6.  
        Location-Mapping tab
      7.  
        Backup tab
      8.  
        Custodian Groups tab
      9.  
        Advanced tab
      10.  
        Analytics tab
  8. Section VIII. Policies to manage the backed-up data
    1. About policies in Veritas Alta™ SaaS Protection
      1.  
        About policies in Veritas Alta™ SaaS Protection
      2. About WORM policies
        1.  
          Points to consider before adding retention policies
      3.  
        About the Deletion policy
      4. About the Tiering policy
        1.  
          Storage tiering and full-text search
        2.  
          User experience on storage tiering
        3.  
          Priority for storage tiering
      5.  
        About the Tagging policy
      6.  
        How to edit the policy evaluation interval?
    2. Configuring policies for data retention (WORM policies)
      1.  
        Adding or updating ingestion WORM retention policies
      2.  
        Adding or updating At-Rest WORM retention policies
    3. Configuring policies for data deletion (Deletion policy)
      1.  
        Adding or updating Deletion policies
      2.  
        Viewing the deletion history
    4. Configuring policies for data tiering (Tiering policy)
      1.  
        Adding or updating Tier policies
    5. Configuring Tagging polices
      1.  
        Adding Tags
      2.  
        Adding or updating Tagging policies
      3. Adding regular expressions
        1.  
          RegEx and query examples for PII detection
    6. Managing policies
      1.  
        Deleting policies
      2.  
        Analyzing the effect of policies
      3.  
        Analytics page for policies
  9. Section IX. Manage users and roles
    1. Managing users and roles
      1.  
        About user and roles
      2.  
        Assigning the Default role to users
      3.  
        Adding new roles
      4.  
        Searching for a specific user or group
      5.  
        Assigning permissions to users
      6.  
        The allowed list of the unrecognized retrieval users
  10. Section X. Manage Discovery cases and searches
    1. Managing Discovery cases
      1.  
        About eDiscovery
      2.  
        Adding Discovery cases
      3.  
        Viewing data in Discovery cases
      4.  
        Editing Discovery cases
      5.  
        Deleting Discovery cases
      6.  
        Assigning Discovery cases to users
      7.  
        Performing an ad hoc search and adding data to Discovery cases
      8.  
        Adding Discovery case template
  11. Section XI. Manage Scopes
    1. Managing Scopes
      1.  
        About Scopes
      2.  
        Enabling Scopes
      3.  
        Configuring Scopes
      4.  
        Using Scopes
  12. Section XII. Manage auditing
    1. Managing auditing
      1.  
        About auditing

About user and roles

Veritas Alta™ SaaS Protection offers the capability to implement role-based access control (RBAC) for its tenants. RBAC lets you grant users access and permissions according to their specific roles within the organization.

The following table describes the permissions in Veritas Alta™ SaaS Protection.

Table: User permissions

Permissions

Description

General settings

Access all items

The assigned user is authorized to access all the content within the tenant. They can use the Admin export mode in the Export Utility to retrieve all the content.

Full admin

The assigned user is granted with all permissions except Access All Items, Add Content, and API Impersonation. To mitigate risks associated with the Full Admin account, provision this account only on-demand to prevent account sharing.

Add content

The assigned user can add new content to the tenant, typically the Service account.

View only

The assigned user can only view data and is not permitted to make any changes.

Delete content

The assigned user can delete the content.

End-User settings

End-User SharePoint stubbing restore

The assigned user can restore a stubbed item by clicking on it.

End-User retrieval and download

The assigned user can download the last backed-up SharePoint file by clicking on a stubbed item.

End-user portal

The assigned End user can do the following on the End-User portal:

  • Search for content.

  • Add or remove content.

  • Share content internally and externally.

  • Also the user can access the Export Utility.

Admin portal settings

Administration portal

It allows a user to sign in to the Administration portal. The following permissions are available:

  • Administration App: This permission determines if a user can access the Administration page within the Veritas Alta™ SaaS Protection Administration portal.

    • Manage Permissions: It allows a user to manage permission and roles for other users.

    • Provisioning: It allows a user to perform the initial provisioning operations (used by Veritas Alta™ SaaS Protection team only).

    • View auditing: It allows a user to access the Auditing page.

    • Manage Connectors: It allows a user to create a backup job (connector).

      A user that is a member of a Custodian group should not be assigned this permission.

    • Manage Scope: It allows a user to view and manage Scopes.

      • If the user is not part of any Scope and also does not have Manage Scope permission, then the user can only see backup jobs (connectors) those are not part of any Scope.

      • If a user adds to a Scope and does not have Managed Scope permission, then the user can only see backup jobs (connectors) that are part of the Scope in which the user is added.

      • If the user is assigned with the Managed Scope permission (it does not matter if the user has Scopes or not), then the user can see all backup jobs (connectors), including the backup jobs (connectors) created using a Scope.

  • Analytics App: It allows a user to access the Analytics page.

  • Tagging App: It allows a user to access the Tagging page.

  • Discovery app:

    • Create cases: It allows a user to create Discovery cases.

    • All cases full admin: It allows a user to view and manage all Discovery cases with full rights.

  • Retention App: It allows a user to access the Retention page.

  • License App: It allows a user to access the License page.

  • System App: It allows a user to access the System page.

  • Chargeback App: It allows a user to access the Chargeback page.

  • Storage Tiering App: It allows a user to access the Tiering page.

  • Monitoring App: It allows a user to view the Monitoring page.

API settings: The assigned user can access a wide range of general API. This permission is required for all Service accounts.

API Blobless Archive

The assigned user can use this permission for the Connector service to operate with the Blobless Archive option on a connector. It is advisable to grant and use this permission solely in a drive-shipping scenario.

API Impersonation

The assigned user can use this permission to impersonate another user by the API.