Dear People,
For data privacy requirements we want to activate the "Customer Key" Feature in our Microsoft 365 tenant.
https://docs.microsoft.com/en-us/micros ... -worldwide
I am wondering if there are any risks regarding backup of our data with VBO.
Don't think this is the case, since data-at-rest is already encrypted with Bitlocker by Microsoft. Activating this Customer Key feature does only replace the encryption key by our own (hosted in Azure KeyVault).
VBO should't even recognize this on this layer.
But I want to make sure I clarified everything before, so I ask here.
Does anyone have this feature activated? Is there any official statement of Veeam regarding support?
Thanks a lot,
Chris
-
CKESSLER
- Enthusiast
- Posts: 31
- Liked: 4 times
- Joined: Dec 25, 2015 9:44 am
- Contact:
-
CKESSLER
- Enthusiast
- Posts: 31
- Liked: 4 times
- Joined: Dec 25, 2015 9:44 am
- Contact:
Re: M365 Customer Key Feature - Supported by VBO?
BTW, I also opened a case to get official statement (# 05363803)
But support seems not to understand my question. Even after trying to explain the functionality of "Microsoft Customer Key" a couple of times. He thinks I want to encrypt and local backup repository and states that VBO does not support it.
Getting little frustrated with support (first time with Veeam). Here what he wrotes:
I had this feature called "Customer key" discussed internally and I may inform that Encrypted data cannot work with VBO due to following reasons:
- the connection to the Databases can be lost due to that
- the retention policy might also be affected as well as other processes that lock the Database during their run
- encryption will mix up the data in DBs and in the case of defragmenting the disk, tools like Esentutil will simply affect the entire data and some of it can be lost due to this.
Veeam Backup for Microsoft 365 does not support encryption at-rest for the following types of backup repositories:
A local directory on a backup proxy server.
Direct Attached Storage (DAS) connected to the backup proxy server.
Storage Area Network (SAN).
Network Attached Storage (SMB shares version 3.0 or later).
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=60
With this being said, we do not recommend using features like Encryption Key with VBO.
The only scenario related to VBO in which encryption is supported is when Object Storages are being used; in this case, the type of encryption that will be used is proprietary and accordingly to the service in cause be it (S3, Amazon, Azure Blob Storage, etc)
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=60
But support seems not to understand my question. Even after trying to explain the functionality of "Microsoft Customer Key" a couple of times. He thinks I want to encrypt and local backup repository and states that VBO does not support it.
Getting little frustrated with support (first time with Veeam). Here what he wrotes:
I had this feature called "Customer key" discussed internally and I may inform that Encrypted data cannot work with VBO due to following reasons:
- the connection to the Databases can be lost due to that
- the retention policy might also be affected as well as other processes that lock the Database during their run
- encryption will mix up the data in DBs and in the case of defragmenting the disk, tools like Esentutil will simply affect the entire data and some of it can be lost due to this.
Veeam Backup for Microsoft 365 does not support encryption at-rest for the following types of backup repositories:
A local directory on a backup proxy server.
Direct Attached Storage (DAS) connected to the backup proxy server.
Storage Area Network (SAN).
Network Attached Storage (SMB shares version 3.0 or later).
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=60
With this being said, we do not recommend using features like Encryption Key with VBO.
The only scenario related to VBO in which encryption is supported is when Object Storages are being used; in this case, the type of encryption that will be used is proprietary and accordingly to the service in cause be it (S3, Amazon, Azure Blob Storage, etc)
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=60
-
Polina
- Veeam Software
- Posts: 2981
- Liked: 708 times
- Joined: Oct 21, 2011 11:22 am
- Full Name: Polina Vasileva
- Contact:
Re: M365 Customer Key Feature - Supported by VBO?
Hi,
Data encrypted with a Customer Key is supported for both backup and restore, there shouldn't be any issues.
There was probably some misunderstanding on the support side, I'll talk to your support engineer to clarify things.
Thanks!
Data encrypted with a Customer Key is supported for both backup and restore, there shouldn't be any issues.
There was probably some misunderstanding on the support side, I'll talk to your support engineer to clarify things.
Thanks!
-
CKESSLER
- Enthusiast
- Posts: 31
- Liked: 4 times
- Joined: Dec 25, 2015 9:44 am
- Contact:
Re: M365 Customer Key Feature - Supported by VBO?
Thanks, Support now also confirmed it!
Who is online
Users browsing this forum: Semrush [Bot] and 11 guests