More configuration options in CubeBackup for Microsoft 365
Settings for a specific organization
The settings in this section only take effect on the current organization.
Apps
By default, CubeBackup will back up all supported Microsoft 365 applications in your organization, including Outlook Mail, Calendar, People, OneDrive, Teams and SharePoint. You may exclude any applications that you don't want in the backup set by clicking on the toggle button beside the application, then selecting Update apps settings.
File exclusion for OneDrive and SharePoint backups
When you click Options in the Apps section, the filter settings for OneDrive or SharePoint backup will pop up, from which you can set the file exclusion rules.
File exclusion rules allow CubeBackup to skip over certain files in the backup set. For example, if you do not want to backup video files which are larger than 5GB, you can add a rule that says:
has suffix ".mp4", ".mkv", ".avi", ".mov", ".rm", ".rmvb" AND size > 5GB
Detailed explanation of file exclusion rules:
Exclusion rules may be created using the following keywords:
has prefix
,has suffix
,name is
,size
,is file
andis folder
.has prefix
: matches the beginning characters of a filename (case insensitive)
has suffix
: matches the ending characters of a filename, including, but not limited to, the file extension (case insensitive)
name is
: exact match for the name of a file, including the extension (case insensitive).
size
: matches file size (recognizes >, <, KB, MB, GB, TB)
is folder
: specifically targets only folders in Google Drive backups.
is file
: specifically targets only files in Google Drive backups.has prefix
,has suffix
,name is
can support multiple values, listed separately in quotation marks. For example:has suffix ".mp4", ".mkv"
will exclude all mp4 and mkv files.
size
supports KB, MB, GB, TB (without quotation marks). For example:size > 2GB
The basic file exclusion rules can be connected with
and
(orAND
) to construct compound rules. For example:has suffix ".iso" AND size > 2GB
will exclude files with the extension ".iso" that are also larger than 2GB
has prefix "temp","tmp" AND has suffix "20210105.doc" AND size>200MB
will exclude files that begin with "temp" or "tmp" and end with "20210105.doc" and are larger than 200MB.
Please do not apply a
size
filter to folders. A compound rule combiningis folder
withsize
will result in no matches.
These rules can be combined together to create larger filter sets. Each created rule works independently of the others (you may think of these rules as being connected by "OR").
Please NOTE that this setting will only affect future backups. OneDrive and SharePoint data that has already been backed up will not be automatically purged from the backup storage. To purge existing files from the backups based on the file exclusion rules, please run the cbackup fileExclude command.
Data retention policy
Preserve all versions: By default, CubeBackup will keep snapshots of each user and site using the following built-in rules.
- Keep one snapshot for each hour over the last 24 hours.
- Keep one snapshot for each day over the last 30 days.
- Keep one snapshot for each week over the last 2 years.
- Keep one snapshot per year after two years.
Number of days for historical versions to be preserved: Alternatively, you may set the retention period for historical backups. For example, if the retention period is set to 30 days:
- All snapshots older than 30 days will be permanently removed from the backup set and no longer displayed in the CubeBackup web console.
- Any backup data which was deleted in Microsoft 365 more than 30 days ago will also be removed from the backups.
Advanced user settings
Select users by teams and groups
After the initial setup, you can continue adjusting the backup user list from the SETTINGS page. In addition to selecting individual users manually, CubeBackup also allows you to select users by teams and groups using the group icon.
Automatically enable backups for new users, teams and sites
By default, CubeBackup automatically includes all new users, teams and sites in the backup list to help reduce the workload for CubeBackup administrators. If you'd like to manually control the backup for new users, teams and sites, please uncheck the box in front of Automatically enable backups for new users | teams | sites.
Some organizations require more fine-grained control. For example, a school might only want to backup data for new staff, not for new students. CubeBackup allows you to control the backup for new users based on their Teams and Groups.
Click the advanced settings beside Automatically enable backups for new users, and check the corresponding Teams and Groups in the pop-up dialog.
System Settings
Backup interval
By default, CubeBackup will try to back up your Microsoft 365 data once an hour. You can change the backup interval in the SETTINGS under the System tab. In most cases, there is no need to change this setting - one hour is reasonable for most Microsoft 365 organizations.
Please Note:
- 1 hour is the smallest interval CubeBackup will allow.
- For each organization, new backups will not begin until the previous backup has finished; however, multiple organizations can run in parallel and will not affect each other's backup interval.
- There is no way to set the exact time for the start of the next backup. If you are concerned about the network bandwidth consumption used by the backup process during office hours, please use the included throttling tools in CubeBackup.
Network Throttling
Backups for an entire Microsoft 365 organization can be quite large, and the backup process can consume considerable network bandwidth. CubeBackup allows you to flexibly control network throttling by setting speed limits for work hours and non-work hours independently. Both work days and work hours can be defined to meet your company's unique needs.
Note: The throttling settings are based on the time on your CubeBackup server. If the server time is in a different time zone, please sync the time or manually change the time zone before updating the throttling settings.
If you'd like to schedule the backup task in CubeBackup, you can set the speed limits of work hours to 0 Mbps, and configure a specific time for the work hours. Then CubeBackup will only initiate a backup process when the work hours are finished.
For example, to create a backup task running at 5 PM every day, you will need to:
- Set the backup interval to 1 hour and click Update backup interval.
- Check the Throttling during work hours option and enter 0 Mbps as the speed limit.
- Set the Work hours to 9:00 to 16:00.
Click the Update throttling settings button.
Email reports
As an administrator, you may not want to constantly sign in to the CubeBackup web console to check the status of the backup service. CubeBackup can send you monthly, weekly, or even daily email reports of backup status, progress, space used and much more.
For convenience, CubeBackup will send the email reports to recipients from [email protected] by default. The reports are generated locally by your backup server, and sent to the specific recipients using Mailgun's mail service. All details and statistical data remain private.
If required by your company, you can also select Custom SMTP server from the dropdown list, fill out the information and set up your own mail server for CubeBackup reports.
Administrator/operator accounts
In the initial configuration, an admin account (the system administrator) was created for CubeBackup. The admin account can log into the CubeBackup web console to perform backup and restore jobs, as well as manage all settings for CubeBackup. However, in some cases, multiple administrative accounts with different roles may be needed. For example:
- An operator who can restore data for any Microsoft 365 user without involving the system administrator.
- If you manage multiple Microsoft 365 organizations in CubeBackup, it may be helpful to assign each organization a separate administrator/operator.
Create a new account
You can click the Create button in the Admins tab to add a new administrative account.
Roles explanation:
- System Admin: Full control of CubeBackup.
- Organization Admin: Administrative powers and permissions for specific organization(s).
- Organization operator: Backup & restore permissions for any Microsoft 365 users in specific organization(s).
For detailed information about different accounts/roles in CubeBackup, please visit Types of accounts in CubeBackup .
Microsoft OAuth login for all users
All accounts created in the "Admins" page are administrative accounts. CubeBackup also allows each Microsoft 365 user to restore their own data in the CubeBackup console using Microsoft OAuth login. Please refer to enable OAuth login for all Microsoft 365 users for more information.
Other settings
Manage multiple organizations
CubeBackup allows you to add multiple organizations and manage them in one place. You can switch between different organizations or + add organization from the drop-down list in the top-right corner of the web console.
In the Add organization dialog, follow the instructions to register and authorize your Microsoft Entra ID (Formerly Azure AD) application to access data in your organization. Then you can select the users and SharePoint sites to back up.
Access the console from the Internet
If you would like to access the CubeBackup server from an office network or the Internet, please make sure to allow unrestricted access to HTTP(80) and HTTPS(443) ports on your server.
For a cloud instance,
On AWS:
1. Log into the AWS console and go to the detail page of the CubeBackup instance.
2. In the Security tab, click the link under Security groups -> Edit inbound rules.
3. Now you can Add rule on the left bottom. Select "HTTP" in the Type dropdown list and "Anywhere-IPv4" in the Source dropdown list.
4. Add another rule and select "Anywhere-IPv6" in the Source dropdown list.
5. Repeat steps 1-4 for "HTTPS".
6. Click Save rules at the bottom.
On Microsoft Azure:
1. Log into the Microsoft Azure portal and go to the detail page of the virtual machine on which CubeBackup is running.
2. Open Networking in the Settings section and Add inbound port rule.
3. You can select "HTTP" in the Service dropdown list and leave all the others as default. Click Add at the bottom.
4. Repeat steps 1~3 for "HTTPS". If necessary, you may need to use a new name for this rule.
On Google Cloud:
1. Log into the Google Cloud Platform and go to the detail page of the VM instance on which CubeBackup is running.
2. In the Firewalls section, click EDIT and check the box in front of "Allow HTTP traffic" and "Allow HTTPS traffic".
3. Save the changes at the bottom.
For a Windows instance, you need to set up the inbound rules twice on both the cloud platform and the server. Here are the instructions:
- Log into the Windows server using RDP.
- Open Network & Internet section in the Settings.
- Then find Windows Firewall -> Advanced settings -> Inbound Rules.
- Now you can add New rule… -> select Port -> TCP -> input 80,443 in the Special local ports.
- Keep all the other options as default and Name the rule, then click Finish.
Now you will be able to access the CubeBackup console directly through the IP address from the office network or the Internet. If needed, you can also assign a domain name and enable HTTPS/TLS for the console.