Welcome to Part 3 of the Synology DS920+ Review series. In this part, we will explore how to get started using Active Backup for Microsoft 365 and the associated benefits in doing so.
If you would like to know more about setting up the Synology DS920+ please check out PART 2
To start off, you will need to install the package onto your Synology DS920+
Step 1: Login to your Synology DS920+ using your credentials that you setup in Part 2 of this series.
Step 2: Open the Package Center application by clicking on the icon in the top left corner.
Step 3: Once open, scroll down slightly until you find Active Backup for Microsoft 365 and click Install. Note: You may be asked to update Universal Search before you can install.
Step 4: Now you can sit back and relax (albeit not for long) until Active Backup for Microsoft 365 installs.
Step 5: Once complete, you will be able to open the application and the fun can begin. 🙂
Before We Begin
In this section, we will setup all the necessary components to create our first backup task.
Security is paramount in the cloud world we live in and Synology has understood this! The company has created a robust mechanism to allow their product to securely communicate with your Microsoft 365 tenant.
For the purposes of this post, we will be following the How to register an Azure AD application for Active Backup for Microsoft 365 tutorial that has been published by Synology and can be found here: https://www.synology.com/englobal/knowledgebase/DSM/tutorial/Backup/How_to_register_an_Azure_AD_app
Before You Start:
- You need to use Windows 10 or Windows Server 2016 or later as the operating system to run the PowerShell script provided by Synology.
- You must have a Microsoft 365 global admin account that can create an Azure AD application.
- Please note, the way to register an Azure AD application varies by different Microsoft 365 endpoints.
For the purpose of this post we will be using the standard Microsoft 365 endpoint. However, Synology has provided a comprehensive break down of all three options in their article:
- Microsoft 365
- Microsoft 365 Germany
- Microsoft 365 operated by 21Vianet (China)
Now, it’s time to have some fun! First step is active Backup for Microsoft 365 on your Synology.
Step 1: Open Package Centre and then open Active Backup for Microsoft 365.
Step 2: Click Activate.
Step 3: This will then launch a new window in your default browser where you will be asked to log in with your Synology Account.
But first a EULA! 🙂
Step 4: Now that’s out of the way, back to logging in. Enter your details and click Get Activation Code.
Register the Application with Azure AD
Step 1: If you haven’t done so already, open the How to register an Azure AD application for Active Backup for Microsoft 365 tutorial that has been published by Synology and can be found here: https://www.synology.com/englobal/knowledgebase/DSM/tutorial/Backup/How_to_register_an_Azure_AD_app
Step 2: Download the AppGenerator.ps1 file from the tutorial weblink above or via the direct link: https://global.download.synology.com/download/Addons/ActiveBackup-Office365/AppGenerator.ps1
Step 3: Open Powershell and navigate to the folder where you have saved the AppGenerator.ps1 file.
Step 4: Change the PowerShell execution policy on the machine you wish to run the PowerShell script by copying and pasting the following command.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
Step 5: When prompted, press Y to confirm.
Step 6: You will receive a prompt to confirm running software from an untrusted publisher. When prompted, press R to confirm.
Step 7: NuGet is required for this script to function. You will be asked if you want to install and import the NuGet provider. When prompted, press Y to confirm.
Note: Now, if you’re like me and you were using a new Jump host machine in your test environment and forgot to install and load the AzureAD module (which is kind of important, HAHA!) then you will get this bonus error.
Note: If you run the below command you can fix this 🙂
Install-Module -Name "AzureAD"
Step 8: Now, with that little transgression behind us, we can run the AppGenerator.ps1 again. You will be asked to enter a password you wish to use to protect the certificate that will be created. You can enter any password meaningful however DO NOT forget this password as there is no easy way to recover this.
Step 9: You will then be prompted to provide your Microsoft credentials for authentication. Please enter you tenant admin credentials and follow the sign-in process Please note, this will change slightly if you have MFA enabled on your account.
Step 10: Once complete, you will be presented with a “Congratulations! Your Azure AD application has been successfully generated” message and you will be presented with the following information:
- Tenant ID
- Application ID
- Certificate File
IMPORTANT NOTE: Do not lose these details or certificate file as these are not easily recovered!
Step 10: You will then be asked to copy a unique URL into your browser. This unique URL will take you directly to your newly created application within Azure AD.
Step 11: Once you authenticate you should see the API permissions screen for the Microsoft 365 Backup app you created.
Step 12: Now, click on Grant admin consent for xxx.
Step 13: You will then be asked if you want to grant consent for the requested permissions for all accounts on the tenant. Click Yes to continue.
Step 14: After a moment or so, you should see a confirm Grant consent on your screen.
CONGRATULATIONS! This completes the App setup and you can now create your first backup!
Create A Backup Task
Now, the part everyone has been waiting for; creating your first backup task!
Step 1: If you have closed Active Backup for Microsoft 365 on your Synology, open the app again and click Task List and Create.
Step 2: Click Create a new backup task and click Next.
Note: This next screen should look familiar as we have been here before! 🙂
Step 3: Enter all the details you saved from the section above as per below and click Next.
Now, sit back and relax while everything connects!
Step 4: On the Configure task settings screen you can enter a Task name and select you Backup destination. For the purpose of this part, we will accept the default backup list. However, we will briefly step through what each screen offers if you were to do a custom backup. We will cover a custom backup in more detail later on.
We will also Enable Active Backup for Microsoft 365 Portal.
Step 5: Click on Edit
Step 6: The first screen you will see is the Users screen. This is the section where you can select or deselect users you would like to include/exclude for this backup task.
Step 7: Once completed you can click on Group.
Step 8: On the Group screen you can begin to select or deselect groups you would like to include/exclude for this backup task.
Step 9: Once complete, you can click on the Sites tab.
Step 10: Once you are happy with the selection (or not, and you decide to go back to the default option of everything) click OK.
Step 11: Once you are happy with your selection click Next.
Step 12: Next, you will be able to select the auto-discovery services. This is where Active Backup can add new users, groups and sites automatically when they are created in your Microsoft 365 tenant. For the purpose of this part, we will leave all the default values selected. Once complete, click Next.
Step 13: Next, you will be asked to select a backup policy and a file version retention policy. For the purpose of this part, we will leave all the default values selected. Once complete, click Next.
Step 14: Now, you will see a summary screen of all the actions you have made during this wizard. Please take a moment to review these and once happy click Apply.
Step 15: CONGRATULATIONS! You have just successfully set up Active Backup for Microsoft 365 and created your first Backup Task. Sit back and relax while your Backup Task runs for the first time. This could take many minutes/hours depending on the size of your Microsoft 365 tenant.