Maintain control of your Microsoft 365 data
Post Reply
johannesk
Expert
Posts: 177
Liked: 38 times
Joined: Jan 19, 2016 1:28 pm
Full Name: Jóhannes Karl Karlsson
Contact:

O365 backup - information security

Post by johannesk »

The O365 backup runs with a service account that has extensive privilage to all O365 mailboxes. That's understandable. But what think is most scary, is that anyone that can logon to the server running the O365 backup can thus open a backup of any mailbox. This makes anyone who as access, a potential suspect in a data leak situations. I can see in the logs, that it states that the backup was opened, but not by whom or what was restored.

For my company - if the console would ask for a password of the service account each time it was opened, that would make it possible to audit, who made a lookup for the password. And of course if the O365 backup log, would note what user opened the console and what data was restored, would also be great.

What do you think?
Mike Resseler
Product Manager
Posts: 8286
Liked: 1361 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: O365 backup - information security

Post by Mike Resseler »

Hey Johannes,

Thanks for this feedback. You are right, if someone has the right to RDP to that box, he/she can open the backups. I understand the need for auditing and logs, and this is certainly something on the table for the next version(s). Any information you would like to see in those logs (or potential reports in the future) you can always tell us here. Certainly not making any promises, but we do discuss and look at every proposal made at these forums

Thanks
Mike
johannesk
Expert
Posts: 177
Liked: 38 times
Joined: Jan 19, 2016 1:28 pm
Full Name: Jóhannes Karl Karlsson
Contact:

Re: O365 backup - information security

Post by johannesk »

If the O365 module had security like VBR console (Users and Roles under options) would increase the security alot.

Then if the log would tell you what user opened the console, and what emails were opened/downdloaded/restored, we would have someting to justify using the product. Also that would be vital information for auditors.
Mike Resseler
Product Manager
Posts: 8286
Liked: 1361 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: O365 backup - information security

Post by Mike Resseler »

Understood and noted. No promises made but will certainly look into it
itrabbit
Influencer
Posts: 20
Liked: 6 times
Joined: Nov 24, 2016 6:50 am
Full Name: Matt Dunleavy
Contact:

Re: O365 backup - information security

Post by itrabbit »

It would be really appreciated any one who attempts to open/view a mailbox or restore is prompted for a password with particular security permissions i.e exchange administrator before they can access it.

It is really scary you can just open the backups and they are there.

What about backup encryption, how can I encrypt the backups? Would like that too or both a password and encrypted backups. There is a lot of confidentiality surrounding this and being able to access mail like this is really too easy.
Mike Resseler
Product Manager
Posts: 8286
Liked: 1361 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: O365 backup - information security

Post by Mike Resseler »

Thanks Matt,

Putting encryption on the running database might not be that easy (with that type of DB). I see your other requests and consider them noted

Thanks
Mike
mboucher87
Novice
Posts: 9
Liked: never
Joined: Jun 07, 2018 11:51 pm
Contact:

Re: O365 backup - information security

Post by mboucher87 »

Is there any logging done on when the Veeam Explorer for Exchange is used? ie a way to tell when someone used it, what they looked at etc.
Polina
Veeam Software
Posts: 3759
Liked: 922 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: O365 backup - information security

Post by Polina »

Yep, all actions are looged: "<DriveLetter>:\ProgramData\Veeam\Backup\<ExplorerName>\Logs"
Post Reply

Who is online

Users browsing this forum: Semrush [Bot] and 3 guests