Veritas Alta™ SaaS Protection Administrator's Guide

Last Published:
Product(s): Veritas Alta SaaS Protection (1.0)
  1. Section I. Introduction to Veritas Alta™ SaaS Protection
    1. Introduction to Veritas Alta™ SaaS Protection
      1.  
        About Veritas Alta SaaS Protection
      2.  
        Features of Veritas Alta SaaS Protection
      3.  
        Tenant hosting methods
      4.  
        Architecture of Veritas Alta SaaS Protection
      5.  
        Services and utilities
  2. Section II. Administration portal
    1. Administration portal
      1.  
        About the Administration portal
      2.  
        Connectors page
      3.  
        Analytics
      4.  
        About the System page
    2. General administrative tasks
      1.  
        Configuring system
      2.  
        Configuring the Administration portal
      3.  
        Viewing upgrade history
      4. Viewing licensing details
        1.  
          License page - SKU based
        2.  
          License page - Usage based
  3. Section III. Manage users and roles
    1. Managing users and roles
      1.  
        About permissions
      2.  
        Adding users
      3.  
        Assigning the Default role to users
      4.  
        Adding roles
      5.  
        Searching for a specific user/group
      6.  
        Assigning permissions to users
      7.  
        The allowed list of the unrecognized retrieval users
  4. Section IV. Manage searches/eDiscovery/cases
    1. Manage searches/eDiscovey/cases
      1.  
        About eDiscovery/searches
      2.  
        Adding search templates
      3.  
        Adding Discovery cases
      4.  
        Performing an ad hoc search and adding data to Discovery cases
      5.  
        Viewing data in Discovery cases
      6.  
        Editing Discovery cases
      7.  
        Deleting Discovery cases
      8.  
        Assigning Discovery cases to users
  5. Section V. Configure policies
    1. About policies in Veritas Alta™ SaaS Protection
      1.  
        About policies in Veritas Alta SaaS Protection
      2.  
        About WORM policies
      3.  
        About the Deletion policy
      4. About the Tiering policy
        1.  
          Storage tiering and full-text search
        2.  
          User experience on storage tiering
        3.  
          Priority for storage Tiering
      5.  
        About the Tagging policy
      6.  
        How to edit the policy evaluation interval?
    2. Configuring policies for data retention (WORM policies)
      1.  
        Ingestion WORM policies page
      2.  
        Guidelines to add retention policies
      3.  
        Adding/updating ingestion WORM retention policies
      4.  
        Adding/updating At-Rest WORM retention policies
    3. Configuring policies for data deletion (Deletion policy)
      1.  
        Adding/updating Deletion policies
      2.  
        Viewing the deletion history
    4. Configuring policies for data tiering (Tiering policy)
      1.  
        Adding/updating Tiering policies
    5. Configuring Tagging polices
      1.  
        Adding Tags
      2.  
        Adding/updating Tagging policies
      3. Adding regular expressions
        1.  
          RegEx and query examples for PII detection
    6. Managing policies
      1.  
        Deleting policies
      2.  
        Analyzing the effect of policies
      3.  
        Analytics page for policies
  6. Section VI. Perform restores
    1. About restore
      1.  
        About restore
    2. Prerequisites for restore
      1.  
        Prerequisites for restore
    3. Restore dashboard
      1.  
        About the Restore dashboard
      2.  
        Restore job statuses
      3.  
        How to cancel the restore job?
      4.  
        View the restore events
    4. Restore Exchange Online mailboxes
      1. Restore Exchange Online mailboxes
        1.  
          Overwrite restore behavior for Exchange Online data
        2.  
          Supported Item Class for restore
    5. Restore SharePoint Online Sites and data
      1. Restore SharePoint/OneDrive/Teams Sites and data
        1.  
          Overwrite restore behavior for SharePoint Online
      2.  
        Recovery process and restore location options
      3.  
        Recovery of OneDrive, Microsoft 365 Group, and Microsoft Teams sites
      4.  
        Stub restore behavior
      5.  
        Permissions restore
      6.  
        Restrictions for SharePoint Online restore
      7.  
        Limitations of SharePoint Online data and sites restore
    6. Restore Teams chats and Teams Channel conversations
      1.  
        Restore Teams chats and Teams channel conversations
      2.  
        Limitations of Teams chat data restore
    7. Restore Audit logs
      1.  
        Restore O365 audit logs
    8. Restore Box data
      1.  
        Restore Box data
      2.  
        Limitations of Box data restore
    9. Restore Google Drive data
      1. Restore Google Drive data
        1.  
          About the overwrite restore behavior for Box/Google Drive data
    10. Restore Gmail data
      1.  
        Restore Gmail data
    11. Restore Salesforce data and Metadata
      1.  
        About the Salesforce Data, Metadata, and CRM Content restore
      2.  
        Restoring Standards and Custom objects (Structured data)
      3.  
        Custom Object restore - post processing steps
      4.  
        Restoring specific Records (Structured data) using Query filters
      5.  
        Restoring Salesforce CRM Content (Unstructured data)
      6.  
        Limitations of Salesforce Data restore
      7.  
        Considerations for Salesforce Metadata restore
      8.  
        Restoring Salesforce Metadata
      9.  
        Limitations of Salesforce Metadata backup and restore
      10.  
        Salesforce Objects not supported for restore
    12. Restore Entra ID objects
      1. About restoring Entra ID (Azure AD) objects and records
        1.  
          Permissions requirement
      2.  
        Best practices to restore Entra ID objects
      3.  
        Restoring an Entra ID object
      4.  
        Restoring specific records within Entra ID objects
    13. Restore Slack data
      1.  
        Restore Slack data
    14. Restore data to File server
      1.  
        Restore data to File server
    15. Restore options
      1.  
        Set the default restore point
      2.  
        Selecting items to restore (all items, all versions, or point-in-time)
      3.  
        Configuring email addresses for notifications
  7. Section VII. Perform data share
    1. Share data
      1.  
        Sharing data with other users
      2.  
        Removing admin shares
  8. Section VIII. Perform data downloading
    1. Download data
      1.  
        Downloading an item
  9. Section IX. Add and configure connectors
    1. About connectors
      1. About connectors
        1.  
          Supported SaaS applications for backup and restore
      2. Overview of connectors
        1.  
          Configuring the general settings
        2. Configuring the capture scope
          1.  
            Filtering users based on Entra ID (Azure AD) extended attributes
          2.  
            Filtering users based on Entra ID (Azure AD) group membership
          3.  
            Filtering folders
        3. Configuring credentials
          1.  
            Configuring credentials using the Manual mode
          2. Configuring credentials using the M365 App Registrations mode
            1. Assigning apps to connector
              1.  
                Statuses of the Microsoft 365 registered apps
            2.  
              Granting admin consent manually
            3.  
              Granting multiple admin consents using the App Consent Grant utility
          3.  
            Recovery of Microsoft 365 apps
        4.  
          Points to consider when configuring the Custom backup policy
        5.  
          Configuring Custom backup policy
        6.  
          Points to consider when configuring Delete policy for SharePoint environments
        7.  
          Configuring Delete policy
        8.  
          Points to consider when configuring Stubbing policies for SharePoint environments
        9.  
          Configuring Stub policy
        10.  
          Scheduling backup
    2. Apps Consent Grant Utility
      1.  
        About the Apps Consent Grant Utility
      2.  
        Prerequisites to download and install the Apps Consent Grant Utility
      3.  
        Downloading the Apps Consent Grant Utility
      4.  
        Installing or upgrading the Apps Consent Grant Utility
      5.  
        Post-installation activities for the Apps Consent Grant Utility
    3. Exchange Online connector
      1.  
        What can be backed up and restore?
      2.  
        API permissions for the Exchange Online
      3. Adding Exchange Online connectors
        1. Configuring the capture scope for Exchange connectors
          1.  
            Configuring the capture scope to back up mailboxes of all users
          2.  
            Configuring the capture scope to back up mailboxes of all users using the Rolling mailbox scope option
          3.  
            Configuring the capture scope to back up the mailboxes of users using the Alphabetical mailbox scope option
          4.  
            Configuring the capture scope to back up the mailboxes of specific users only
          5.  
            Configuring the capture scope to back up mailboxes from specific domains only
          6.  
            Configuring the capture scope to back up Group/Teams mailboxes
          7.  
            Configuring the capture scope to back up Public folders
    4. SharePoint Online connector
      1. What can be backed up and restore?
        1.  
          Supported and unsupported SharePoint Settings and Types for backup and restore
        2.  
          Supported Sites and List templates for backup and restore
        3.  
          Supported SharePoint permission objects for backup and restore
      2.  
        API permissions for SharePoint, OneDrive for Business, and Teams Sites Collections
      3. Adding SharePoint Online connectors
        1. Configuring the capture scopes for SharePoint connectors
          1.  
            Configuring the capture scope to back up all SharePoint site collections
          2.  
            Configuring the capture scope to back up specific SharePoint sites only
          3.  
            Configuring the capture scope to back up only specific sites using the Rolling site collection scope option
    5. Teams Sites collections connector
      1.  
        What can be backed up and restore?
      2. Adding Teams site collections connectors
        1. Configuring the capture scopes for Teams site connectors
          1.  
            Configuring the capture scope to back up all Team site collections
          2.  
            Configuring the capture scope to back up specific Team sites only
          3.  
            Configuring the capture scope to back up only specific Team sites using the Rolling site collection scope option
    6. OneDrive connector
      1.  
        What can be backed up and restore?
      2. Adding OneDrive connectors
        1. Configuring the capture scope for OneDrive for Business connectors
          1.  
            Configuring the capture scope to back up all OneDrive site collections
          2.  
            Configuring the capture scope to back up specific OneDrive sites only
          3.  
            Configuring the capture scope to back up only specific OneDrive sites using the Rolling site collection scope option
    7. Teams chat connector
      1.  
        What can be backed up and restore?
      2.  
        API permissions for Teams chat
      3. Adding Teams chat connectors
        1.  
          Configuring the capture scope for Teams chat connectors
    8. Audit log connector
      1.  
        Adding Audit Log connectors
    9. Google Drive connector
      1.  
        Prerequisites to add Google Drive connector
      2.  
        What can be backed up and restore?
      3.  
        API permissions for Gmail and Google Drive
      4. Adding Google Drive connectors
        1.  
          Configuring the capture scope for Google Drive connectors
    10. Gmail connector
      1.  
        What can be backed up and restore?
      2. Adding Gmail connectors
        1.  
          Configuring backup scopes for Gmail data
    11. Salesforce connector
      1.  
        About the Salesforce connector
      2.  
        Prerequisites to add Salesforce connectors
      3.  
        Adding Salesforce connectors
      4.  
        About the Salesforce connector backup process
      5.  
        Uploading a certificate to the Salesforce organization
      6.  
        Limitations of Salesforce connector
      7.  
        Salesforce Objects not supported for backup
    12. Entra ID (Azure AD) connector
      1.  
        What can be backed up and restore?
      2.  
        Adding Entra ID (Azure AD) connectors
    13. Box connector
      1.  
        Prerequisites to add Box connectors
      2.  
        What can be backed up and restore?
      3. Adding Box connectors
        1.  
          Configuring backup scopes for Box data
    14. Slack connector
      1.  
        Adding Slack connectors
      2.  
        Limitations of Slack connector
    15. EML connector
      1. Add Email/Messages
        1.  
          Prerequisite
        2.  
          Adding EML/Messages connectors
    16. Managing connectors
      1.  
        Editing connectors
      2.  
        Deleting connectors
  10. Section X. Perform backups
    1. Managing backups
      1.  
        Modifying a backup schedule
      2.  
        Performing an on-demand/ad-hoc backup
      3.  
        Running Delete and Stub policies for SharePoint Online data
      4.  
        Browsing backed-up data
      5.  
        Getting backup status
      6.  
        Connector page
      7.  
        Viewing backup tasks details
  11. Section XI. Backup limitations
    1. Backup limitations
      1.  
        Limitations for SharePoint Online connector
      2.  
        Limitations for Teams site collections connector
      3.  
        Limitations for Teams chat connector
      4.  
        Limitation for Google Drive connector
      5.  
        Limitations for Entra ID connector
      6.  
        Limitations for Box data backup
  12. Section XII. Events
    1. Events
      1.  
        Viewing backup events
      2.  
        About Event suppression
      3.  
        Creating event suppression rules
  13. Section XIII. Manage Stors (Storages)
    1. Manage Stors (Storages)
      1.  
        Viewing Stors (Storages)
      2.  
        Requesting a new Stor
      3.  
        General tab
      4.  
        Metadata tab
      5.  
        Statistical policies tab
      6.  
        Location-Mapping tab
      7.  
        Backup tab
      8.  
        Custodian Groups tab
      9.  
        Advanced tab
      10.  
        Analytics tab
  14. Section XIV. Manage Scopes
    1. Managing Scopes
      1.  
        About Scopes
      2.  
        Enabling Scopes
      3.  
        Configuring Scopes
      4.  
        Using Scopes
  15. Section XV. Manage auditing
    1. Managing auditing
      1.  
        About auditing
  16. Section XVI. Known Issues
    1. Known Issues
      1.  
        Know Issues

API permissions for the Exchange Online

If you use the Microsoft 365 App Registrations mode to configure the connector for your Exchange workload, Veritas Alta SaaS Protection must have the API permissions listed in the following table. In the Microsoft 365 App Registration mode, a single app has all the following permissions assigned, whether permissions are applicable to the workload being backed up by the connector to which the apps are assigned. The delegated permissions are mentioned in the following tables; all other permissions are app permissions.

Table: List of API permissions required for Exchange Online backup and restore

API Name

Claim value

Permission

Description by Microsoft

Used by Veritas Alta SaaS Protection

Microsoft Graph

MailboxSettings.Read

Read all user mailbox settings.

Allows the app to read user's mailbox settings without a signed-in user. Does not include permission to send mail.

To read mailbox type when using the Graph Management API mode.

Group.ReadWrite.All

Read and write all groups.

Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write conversations. All of these operations can be performed by the app without a signed-in user.

To add impersonation accounts as members to Microsoft 365 Groups/Teams to back up and restore their mailboxes in the Graph Management API mode.

Directory.Read.All

Read directory data.

Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user.

To fetch a list of users within a tenant and obtain a list of mailboxes using the Graph Management API mode.

RoleManagement.ReadWrite.Directory

Read and write role management data for Microsoft Entra ID.

Allows the app to read and manage the role-based access control (RBAC) settings for your company's directory, without a signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles and memberships.

To add impersonation accounts as administrators to role assigned Microsoft 365 groups to backup and restore their mailboxes using Graph Management API mode.

Office 365 Exchange Online

full_access_as_app

Use Exchange Web Services with full access to all mailboxes.

Allows the app to have full access by Exchange Web Services to all mailboxes without a signed-in user.

To backup/ and restore data from all types of mailboxes. No other granular permissions are provided by Microsoft for Exchange Web Services.

Exchange.ManageAsApp

Manage Exchange as an application.

Allows the app to manage the organization's Exchange environment without any user interaction. It includes mailboxes, groups, and other configuration objects. To enable management actions, an admin must assign the appropriate roles directly to the app.

To allow Exchange Online PowerShell access for the following operations when the PowerShell Management API mode is used:

  • Gather a list of mailboxes and their details.

  • Add impersonation accounts to Microsoft 365 Group/Teams mailboxes.

  • Get permissions assigned to mailboxes to capture ACLs.