NinjaOne Backup: SaaS Backup Frequently Asked Questions (FAQ)

Topic

This article addresses frequently asked questions about NinjaOne SaaS Backup.

NinjaOne SaaS Backup does not support the IPF (IMAP) folder type for backup. The only folder eligible for backup is the archive folder, as it has a valid folder class (IPF Note).IPF.IMAP that represents folders created or managed via IMAP synchronization. These folders are typically generated by email clients like Outlook when connecting with IMAP credentials.

Environment

NinjaOne SaaS Backup

Description

NinjaOne SaaS Backup is a cloud backup platform that helps businesses securely back up, manage, recover, and protect their business information. The automated and incremental backups simplify the backup, recovery, and compliance experience. It works with Microsoft 365 (Hosted Exchange, Groups, and Teams, SharePoint, and OneDrive), Gmail (including Calendars, Contacts, and Tasks), and other IMAP email servers. NinjaOne uses 256-bit (AES) encryption at rest and in transit, supporting multifactor authentication (MFA).

Index

Getting Started
Miscellaneous FAQ
Retention Policy FAQ
Hosted Exchange
- What action is required when the Hosted Exchange credentials are changed?
Additional Resources

Getting Started

What's the difference between a delta backup and a full backup?

We request that Microsoft retrieve the list of modified files through the delta link and then use it during the backup process. If NinjaOne SaaS backup detects errors on the delta link, it will run a full backup. NinjaOne SaaS Backup retrieves all files from the Microsoft OneDrive account at Microsoft using the full backup method and then processes the backup. During this process, we will skip unchanged files and back up only those that have changed. NinjaOne SaaS backup will notify you once it has completed the backup.

What is the difference between eDiscovery search and advanced search?

eDiscovery Search offers additional options for saving search criteria, previewing search results, and modifying saved search criteria. You can set up alerts, add tags, and mark results for the review process on the results of eDiscovery Search, whereas you cannot perform these functions with Advanced Search.

Advanced search is a one-time search option that organizations can use to view, download, restore, or migrate data.

What is your data redundancy within a data center?

We use AWS for our PaaS and IaaS infrastructure. All AWS data centers are SOC 1, 2, and 3 and ISO27001 certified.
Each of our AWS locations has three physical data centers known in AWS terms as availability zones (AZs).
Data at rest is on AWS S3, consistent across all 3 AZs. We replicate our database across 2 AZs. If our primary AZ goes down, data will remain available on S3 and our databases.
We have AIM machine images for our compute instances, allowing us to bring the machines up in minutes.

What are the password requirements?

Passwords must have a minimum of:

10 characters.
One upper case letter.
One lowercase letter.
One special character.
One numerical character.

How can I reset my password?

Use the Forgot Password option on the login page. Enter your registered email address, and an email will be sent to the registered email address containing a reset password link.

Why are domain backups (SP, G&T) not backed up?

A backup of a particular domain (SharePoint, Groups, and Teams) can only be present in one organization. The backup resides in the original organization.

What happens when you change the backup administrator or reset their password?

If the email address of the Backup administrator is changed, the system creates a new one because it cannot find the existing one.

When the password is changed, the device's refresh token gets revoked. This situation would lead to a credential error, which reauthentication can fix.

What rules and procedures are applied to ensure the secure erasure of data after contract termination?

We use Amazon Web Services (AWS) S3, which has erasure coding policies built in. We also do not enable versioning on S3, ensuring secure data erasure.

Are backup administrator credentials stored and handled securely?

When we create a backup administrator, we enable MFA, generate a strong password, and store the encrypted credentials in our database (as we need to show the credentials to the user during the initial setup).

When the user first logs in using the credentials, they must set up MFA, and we will never use those credentials again. The user can even reset their own password.

You cannot use backup administrator credentials without the MFA. Once the user authenticates our device and application, we will use only OAuth Access and Refresh Tokens for authentication.

Does the backup administrator account require a license?

The backup administrator account only has to be a global administrator. The account does not require a license.

Why does the Last Backup field in the archiver product display an outdated date?

When mailboxes don't have any recent messages (incoming or outgoing) through journaling, the field "Last Backup" displays an outdated date. Check to confirm whether the mailboxes have recent messages.

Does the backup administrator require a global administrator role?

Yes, NinjaOne SaaS Backup delegates permissions that can only be granted as a Global administrator.

Can the backup administrator be removed?

You should never remove the backup administrator. If you do, the following will occur:

Journaling issues.
Groups and Teams backup issues.
Public Folder Restore issues

Miscellaneous FAQ

Why is the Error "No Data Available" displayed on the restore page?

When the selected date range doesn't have data in the backup, the error "no data available" is displayed. Recheck the date range chosen. If you are still unable to refer to "No data available," reach out to NinjaOne Support.

Why does the backup show more emails when fewer emails are in the mail server?

The number of emails or the data size of the backup isn't the ideal way to compare, as NinjaOne SaaS Backup compresses the data. Also, when emails are deleted from the mail server, they are not deleted in the backup.

What happens to backup when an organization moves a tenant from M365 to Google Workspace or vice versa?

Share details (organization, M365, and Google Workspace tenant) with NinjaOne Support for validation from the backend. After validation, the team will share the possible options to continue the backup. We have two methods to choose from:

Option 1:

We can rename the existing accounts and then deactivate their backup. This method would retain the previously backed-up Google Workspace data.
We can then add their M365 accounts to the backup, starting the M365 data backup.

Option 2:

We can switch backup administrator credentials from Google Workspace to M365.
In this method, the previously backed-up Google Drive data would be lost. However, the other old backups (Emails, Contacts, Calendars, Tasks) will be retained, and future backups will happen from M365.

How does the restore feature (Create Copy - Append - Overwrite - Skip) work?

Use the summary below for a quick reference about the four restoration options.

Feature	Purpose
Create Copy (Default)	Restore files as a duplicate of the existing ones.
Append	Restore files by adding a new version of the existing ones
Overwrite	Replace existing files with the Restored ones.
Skip	Skip restore for any files that already exist.

These four options define how the restore process handles conflicts (same file name but different IDs).

For example, there is a file named "Project.txt" with ID "ABC," that you need to restore; while performing the restore, the system finds a file with the same name, "Project.txt," with a different ID "XYZ" in OneDrive on the M365 side:

Create Copy (Default)
- If this option is selected, then the restore process will rename the file on the M365 side and restore it as a new file.
Append
- If this option is selected, NinjaOne SaaS Backup will add a new version of the file with the same name.
Overwrite
- If this option is selected, then the restore process will replace the existing file on the M365 side with the new file. NinjaOne SaaS Backup will remove all previous versions and change the ID.
Skip
- If this option is selected,NinjaOne SaaS Backup will not restore the file when a conflict occurs.

If there is no naming conflict, then the restore process will work the same across all four options.

How can a restore be cancelled?

Open the System Status tab in the End-User Portal.
Select Restores.
Navigate to the specific restore process and then click Cancel.

Data that is already restored can't be reverted, and it resides on the mail server. The restore process stops from the time of the cancellation.

How do I configure MFA in a conditional policy?

If you have configured the tenant with the MFA setting for 90 days, the device token will expire as per the setting, and the system will prompt you to complete "Re-Authentication."

If the customer has a Microsoft Entra ID Premium license, they can configure the MFA Setting "Remember multi-factor authentication on trusted device" in the Conditional Access Policy. Below are the steps to do so.

Turn off the MFA setting "Remember multi-factor authentication on trusted device."
Create a new Conditional Access policy.
Navigate to Assignments → User and Groups, select All users in the Include tab, and select the Backup Admin in the Exclude tab.
Select All Cloud Apps in Cloud Apps and Actions.
Navigate to Access Control → Session, select Sign-in frequency, and configure the number of days customers need to remember the device for other users.

If the customer doesn't have a Microsoft Entra ID Premium license, then they need to either disable that MFA setting (Remember multi-factor authentication on trusted device) or perform reauthentication every 'x' number of days that they configured the MFA setting.

What are the scenarios for the recoverable items folder?

There are two backup scenarios for the recoverable items folder:

Before onboarding
- When the customer already has some data in the recoverable items folder before onboarding, we can't back up those email messages. This situation happens because no Microsoft API is available to process the folder backup during the initial backup.
After onboarding
- Once you've added the tenant, NinjaOne SaaS Backup initiates the initial backup, which includes backing up all email messages. Later, if the customer moves any email messages to the recoverable items folder, we don't need to back up those messages specifically, as they are already in the backup.

Can users be moved from one organization to another?

Every customer organization has a unique identifier in our system for identification, ensuring that backed-up data is distinct across organizations.

To add a mailbox to a different organization other than the one it currently resides in, you must purge the mailbox and start the backup from scratch in the target organization. The same is true for other backup types (OneDrive, SharePoint, and others).

Can I switch from the Archiving Plus Backup product to the Backup-only product?

No, this is not possible. Reach out to NinjaOne Support to discuss creating a new NinjaOne SaaS Backup-only product and deprecating the current Archiving+Backup product.

How do I upgrade from a backup-only plan to a backup plus archive plan?

Log in to the partner portal dashboard.
Select Organizations.
Select the action menu (represented by three dots), to the right of the desired organization.
Select View Details.
Select the Subscriptions tab.
In the Update Subscription box (blue box), select the drop-down and change this to the Archiver subscription.
Select the blue Update button.
A prompt will appear. Select Yes, then Continue to finalize the change.

Can we use NinjaOne SaaS Backup as a migration tool?

NinjaOne does not recommend using NinjaOne SaaS Backup as a migration tool.

We can back up from one account and then restore to another individual account (within the same tenant). While this could be considered a migration tool, in reality, it is just a 1:1 restore.| Attempting to migrate using our platform will require a significant amount of time and effort and is not recommended.
NinjaOne SaaS Backup does not restore any configurations and settings. We only back up the data and restore it to a different account.

Why is the "Login as Client" Button missing for my NFR subscription?

As an NFR (Not for Resale) account holds data of the reseller organization, the "Login as Client" button is provided only to the reseller account owner for security purposes, and other user roles (Super administrator, administrator, Support, Finance) will not see the button.

Retention Policy FAQ

What products can utilize retention policies?

With the backup-only type subscription, only mail can have an assigned retention policy. With the archiver-type subscription, mail and SharePoint can have assigned retention policies.

What is the default retention period?

By default, we offer unlimited data retention and storage.

With the archiver-type subscription, you can set customizable retention periods for data (only email and SharePoint), ranging from 30 days to 11 years. Additionally, you have the option to set retention periods to unlimited.
With the backup-type subscription, you can enable retention for 14 months, 4 years, 7 years, or never delete.
If you don't set a specific retention period, it will default to unlimited; however, a banner will display advising you to create one.

Once I've put a retention policy in place, how long does it take NinjaOne SaaS Backup to remove emails dated before the policy time limit?

24–72 hours to start, depending on the amount of data the system needs to remove and when our automation recognizes and begins the process.

Once I've put a retention policy in place, will all emails from before the policy-specified date be destroyed?

Yes, the emails are permanently deleted and unrecoverable.

Can retention policies be deleted or modified?

Yes. Navigate to Compliance → Retention Policy and click the Retention Policy List tab. Select the policy you would like to delete, then click Delete or Edit.

Note: Editing an existing retention policy will only affect emails that have not been deleted yet.

How is the retention period calculated?

NinjaOne SaaS Backup calculates the retention period from the date the email is received in your mailbox and not from when the email is copied to our archive. It is applied to all existing emails and to all future emails.
The policy is applied as soon as you create it.
NinjaOne SaaS Backup will delete emails within 24 hours of their retention period expiring.

You cannot recover emails once a retention policy deletes them.
Example: You created a one-year retention policy today (September 4, 2024)

Email Receive Date	Retention Policy Period	Retention Policy Create Date	Policy Expiration Date
13 May 2012	1 Year	Today	Today
1 June 2014	1 Year	Today	Today
4 September 2024	1 Year	Today	4 September 2025
10 October 2024	1 Year	Today	10 October 2025

Hosted Exchange

What action is required when the Hosted Exchange credentials are changed?

In Hosted Exchange, we create a Backup administrator ([email protected]) to grant permissions to the user's mailbox. We recommend setting the password expiration policy for this Backup administrator never to expire. Also, ensure that it is not deleted or that the password has not been changed. If the Backup administrator credentials are changed, Contact NinjaOne support to take the necessary steps to avoid backup interruption.