Before You Begin
Make sure you meet the following prerequisites:
You must have a Microsoft 365 Global Administrator account.
The account must have a valid Microsoft 365 license.
Log into the Druva Console as an Cloud administrator, then follow these steps to configure Druva cloud for Microsoft Group protection.
Step 1: Grant Druva Access to Microsoft Groups
Sign in to the Druva Console as an Cloud Administrator.
Begin the app configuration process. You will be redirected to the Microsoft 365 login page.
Log in as a Global Administrator and grant the requested app permissions. To learn more about the permissions requested, refer to the Microsoft 365 App Permissions for Druva App article.
After completing the app configuration, click the three-dot menu and select Verify to confirm access to your Microsoft 365 users.
๐NOTE:
Druva uses OAuth 2.0 for secure token-based authentication. Learn more at the OAuth website.
โIf your organization enforces Conditional Access policies via Azure AD, these policies will apply during app configuration.
See Support for Azure Active_Directory (AD) Conditional Access policies for details.
Step 2: Get data encryption key
Scheduled backup of SaaS Apps data requires access to the data encryption key to encrypt backed-up data. This process is part of the digital envelope encryption process that Druva strictly adheres to. Druva does not store the userโs data encryption key and has no access to the data.
Select one of the following options to generate the data encryption key.
Cloud Key Management System (KMS) (recommended) - Uses AWS KMS services to encrypt and decrypt SaaS Apps data. You cannot disable this setting once saved. For more information, see Configure Key Management for SaaS Apps.
Bring Your Own Key (BYOK) - If your organizational policies require complete control over the encryption of the data backed up by Druva, Enterprise Key Management is the solution for you. For more information, see Enterprise Key Management for Microsoft 365.
Step 3: Configure Groups for Backup and Restore
You can configure Groups for backup and restore in the following ways:
Auto-Configuration: Use this method to automatically detect any new Groups and apply default or custom backup configurations and predefined schedules to each newly discovered and configured Groups.
Manual backup: You can define auto-configuration settings to start an unscheduled backup of Groups data when required.
To set up Group backup and restore, use backup profiles for org apps along with auto-configuration rules.
Backup Profile for Org Apps
Predefined Backup Profile โ Use a standard backup profile for Group.
Custom Backup Profile โ Create a profile tailored to your specific backup and retention settings.
Auto Configuration Rules
To streamline configuration across multiple resources, use auto-configuration rules by defining attribute-based criteria.
To learn more refer to the Backup Profiles for Org Apps and Auto Configuration Rules. Refer Manual Configuration to manually configure a Group.
๐ฉ Important
Due to API limitations, if you use a Shared Mailbox as a Global Admin account for configuring Druva inSync with Microsoft 365, Groups discovery might fail.