Veritas Alta™ SaaS Protection Administrator's Guide

Last Published:
Product(s): Veritas Alta SaaS Protection (1.0)
  1. Introduction to Veritas Alta™ SaaS Protection
    1.  
      About Cohesity Alta SaaS Protection
    2.  
      Features of Cohesity Alta SaaS Protection
    3.  
      Architecture of Cohesity Alta SaaS Protection
    4.  
      Operational workflow
    5.  
      Extra Data Backup (EDB)
  2. API permissions
    1.  
      API permissions for Microsoft 365 workloads
    2.  
      API permissions for Gmail and Google Drive
    3.  
      System and API permissions for Salesforce
    4.  
      API permissions for Entra ID
    5.  
      App permissions of Web App
  3. Administrator portal (Web UI)
    1.  
      About the Administration portal
    2.  
      Configure the Administration portal
    3.  
      View upgrade history
  4. Manage users and roles
    1.  
      Role-based access control
    2. Permissions tab
      1.  
        Users and groups page
      2.  
        Roles page
      3.  
        Unrecognized users page
      4.  
        Settings page
  5. What is a connector?
    1.  
      What is a connector?
    2.  
      Supported SaaS workloads and backup capabilities
    3.  
      Workflow to protect data using Cohesity Alta SaaS Protection
    4.  
      Know your subscription details
    5.  
      About transient errors
    6.  
      Overview of adding connectors
    7.  
      Configure General settings
    8.  
      Configure Capture scope
    9.  
      Configure User filter
    10.  
      Configure Group filter
    11.  
      Configure Folder filter
    12. Configure credentials
      1.  
        Assign Microsoft 365 apps registration
      2.  
        Microsoft 365 apps registration status
      3.  
        Manually approve Microsoft 365 apps registration
      4.  
        Approve Microsoft 365 apps using the App Consent Grant utility
      5.  
        Microsoft 365 apps recovery
    13.  
      Configure Custom backup policy and guidelines
    14.  
      Configure Delete policy for SharePoint Online and guidelines
    15.  
      Configure Stubbing policy
    16.  
      Guidelines to configure Stubbing policy for SharePoint Online
    17.  
      Schedule a backup
    18.  
      Configure email addresses to get notifications
    19.  
      Review configuration and edit/save/initiate backup
    20.  
      Connectors page
    21.  
      Connector status
    22.  
      Edit connector configuration
    23.  
      Delete connectors
  6. Pre-requisites for Microsoft 365 connectors
    1.  
      Pre-requisites for Microsoft 365 connectors
  7. Protect Microsoft 365 Multi-Geo tenant
    1.  
      Considerations for adding SharePoint/Teams Sites/OneDrive connectors for Microsoft 365 Multi-Geo tenant
  8. Protect Exchange Online data
    1.  
      Add Exchange Online connectors
    2.  
      Configure capture scope for Exchange connectors
  9. Protect SharePoint sites and data
    1.  
      Add SharePoint connectors
    2.  
      Supported and unsupported SharePoint Settings and Types for backup and restore
    3.  
      Supported Sites and List templates for backup and restore
    4.  
      Supported SharePoint permission objects for backup and restore
    5.  
      Configuring capture scope for SharePoint connectors
    6.  
      End-user SharePoint data access in Cohesity Alta SaaS Protection
    7.  
      Run Delete and Stubbing policies to the SharePoint Online environment
    8.  
      Limitations of SharePoint connector
  10. Protect Teams sites
    1.  
      Add Teams site collections connectors
    2.  
      Configure capture scope for Team site collections connectors
    3.  
      Limitations of Teams site collections connector
  11. Protect OneDrive data
    1.  
      Add OneDrive connectors
    2.  
      Configure capture scope for OneDrive connectors
  12. Protect Teams chats
    1.  
      Add Teams chat connectors
    2.  
      Configure capture scope for Teams chat connectors
    3.  
      Limitations of Teams chat connector
  13. Protect GoogleDrive data
    1.  
      Prerequisites to add Google Drive connectors
    2.  
      Add Google Drive connectors
    3.  
      Configure capture scope for Google Drive connectors
    4.  
      Limitations of Google Drive connector
  14. Protect Gmail data
    1.  
      Prerequisites to add Gmail connectors
    2.  
      Add Gmail connectors
    3.  
      Configure capture scope for Gmail connectors
  15. Protect Audit logs
    1.  
      Add Audit log connectors
    2.  
      Audit log connector limitations
  16. Protect Salesforce data and metada
    1.  
      About Salesforce protection
    2.  
      Key considerations and prerequisites for adding Salesforce connectors
    3.  
      Add Salesforce connectors
    4.  
      Limitations of Salesforce connectors
    5.  
      Salesforce Objects not supported for backup
  17. Protect Entra ID objects
    1.  
      Add Entra ID (Azure AD) connectors
    2.  
      Limitations for Entra ID connector
  18. Protect Box data
    1.  
      Prerequisites for Box connectors configuration
    2.  
      Add Box connectors
    3.  
      Configure capture scope for Box connector
    4.  
      Limitations of Box connector
  19. Protect Slack data
    1.  
      Add Slack connectors
  20. Protect Email/Message data
    1.  
      Prerequisite for Email/message connector
    2.  
      Add Email/Messages file
  21. Configure Retention policies
    1.  
      About WORM policies
    2.  
      Ingestion WORM policies page
    3.  
      Add/edit Ingestion WORM retention policies and guidelines
    4.  
      Add/edit At-Rest WORM retention policies
    5.  
      Add/edit Deletion policies
    6.  
      View deletion history
    7.  
      How to edit the policy evaluation interval?
    8.  
      How to add a Location filter?
    9.  
      How to add a filter?
  22. Perform backups
    1.  
      Perform on-demand/ad-hoc backup
    2.  
      Backup dashboard
    3.  
      Video tutorial for connector troubleshooting
    4. View backup events
      1.  
        About Event suppression
      2.  
        Create event suppression rules
    5.  
      Viewing backup tasks details
  23. View and share backed-up data
    1.  
      Browse backed-up data
    2.  
      Share data
    3.  
      Remove data sharing
  24. Analytics
    1.  
      About analytics
    2.  
      Gain insights into storage utilization
    3.  
      Gain insights into storage utilization for Entra ID and Salesforce connectors
    4.  
      Gain insights into blocked activities, most active users, and more
    5.  
      Gain insights into data volume (size and item count) on legal hold
    6.  
      Gain insights into data volume (size and item count) saved in different Enhanced cases
    7.  
      Gain insights into data volume (size and count) under different policies
    8.  
      Gain insights into data volume (size and item count) under different Tags
    9.  
      Gain insights into data volume (size and item count) under different Tags behaviors
    10.  
      Gain insights into storage savings after deduplication and compression
    11.  
      Gain insights into data ingestion trends
  25. Perform restores using Administration portal
    1.  
      About restore
    2.  
      Prerequisites for restore
    3.  
      Restore Exchange Online mailboxes
    4. Restore SharePoint/OneDrive/Teams Sites and data
      1.  
        Restore of OneDrive, Microsoft 365 Group, and Microsoft Teams sites
      2.  
        Limitations of SharePoint sites and data restore
    5. Restore Teams chat messages and Teams channel conversations
      1.  
        Limitations of Teams chat data restore
    6.  
      Restore O365 audit logs
    7. Restore Box data
      1.  
        Limitations of Box data restore
    8. Restore Google Drive data
      1.  
        About the overwrite restore behavior for Box/Google Drive data
    9.  
      Restore Gmail data
    10. About Salesforce Data, Metadata, and CRM Content restore and Sandbox seeding
      1.  
        Guidelines for Schema changes in Salesforce organization to prevent restore failures
      2.  
        Restore Standard and Custom objects (Structured data restore)
      3.  
        Custom Object restore - post processing steps
      4.  
        Restore specific Records (Structured data) using Query filters
      5.  
        Restore Salesforce CRM Content (Unstructured data restore)
      6.  
        Restore Salesforce files/documents in Public/Shared libraries (Unstructured data restore)
      7.  
        Limitations of Salesforce Data restore
      8.  
        Salesforce Objects not supported for restore
      9.  
        Key considerations for Salesforce Metadata restore
      10.  
        Restore Salesforce Metadata
      11.  
        Limitations of Salesforce Metadata backup and restore
    11. About Entra ID (Azure AD) objects and records restore
      1.  
        Permissions requirement
      2.  
        Best practices to restore Entra ID objects
      3.  
        Restore an Entra ID object
      4.  
        Restore specific records within Entra ID objects
    12.  
      Restore Slack data
    13.  
      Restore data to File server
    14.  
      Set default restore point
    15.  
      Configure Restore all, Restore all versions, Point-in-time, and Specific range restore options
    16.  
      Configure email addresses for notifications
    17.  
      Downloading an item
  26. Restore dashboard
    1.  
      About Restore dashboard
    2.  
      Restore job statuses
    3.  
      How to cancel a restore job?
    4.  
      View the restore events
  27. Install services and utilities
    1.  
      About services and utilities
    2.  
      Pre-requisites to download and install services and utilities
    3.  
      Downloading services and utilities
    4.  
      Where to install the services and utilities
    5.  
      Installing or upgrading services and utilities
    6.  
      Configuring service accounts for services and utilities
    7. About the Apps Consent Grant Utility
      1.  
        Downloading the Apps Consent Grant Utility
      2.  
        Installing or upgrading the Apps Consent Grant Utility
      3.  
        Post-installation activities for the Apps Consent Grant Utility
  28. Discovery
    1.  
      About eDiscovery/searches
    2.  
      Add search templates
    3.  
      Add Discovery cases
    4.  
      Perform ad hoc search and add data to Discovery cases
    5.  
      View data in Discovery cases
    6.  
      Edit Discovery cases
    7.  
      DeleteDiscovery cases
    8.  
      Assign Discovery cases to users
  29. Configure Tagging polices
    1.  
      About the Tagging policy
    2.  
      Add Tags
    3.  
      Add/edit Tagging policies
    4. Adding regular expressions
      1.  
        RegEx and query examples for PII detection
  30. Configure Tiering policy
    1. About the Tiering policy
      1.  
        Storage tiering and full-text search
      2.  
        User experience on storage tiering
      3.  
        Priority for storage Tiering
    2.  
      Add/edit Tiering policies
  31. Auditing
    1.  
      Auditing
  32. Manage Stors (Storages)
    1.  
      Viewing Stors (Storages)
    2.  
      Requesting a new Stor
    3.  
      General tab
    4.  
      Version control settings
    5.  
      Metadata tab
    6.  
      Statistical policies tab
    7.  
      Location-Mapping tab
    8.  
      Backup tab
    9.  
      Custodian Groups tab
    10.  
      Advanced tab
    11.  
      Analytics tab

Permissions tab

Cohesity Alta SaaS Protection offers the capability to implement role-based access control (RBAC) for its tenants. RBAC lets you grant users access and permissions according to their specific organizational roles.

The following table describes the permissions in Cohesity Alta SaaS Protection.

Table: General settings permissions

General settings

Description

Access all items

It permits the user to access and restore all content of the tenant.

Also, by selecting the following respective checkboxes, you can prevent the user from sharing, downloading, restoring, and restoring to an alternative location.

  • Prevent administrative sharing.

  • Prevent Item Preview and Download.

  • Prevent restore.

  • Prevent restore outside of original location.

Full admin

It permits the user with all permissions except Access All Items, Add Content, and API Impersonation.

To mitigate the risks associated with the Full Admin account, provision this account only on-demand to prevent account sharing.

Add content

The assigned user can add new content to the tenant, typically the Service account.

View only

It permits the user to sign in to the Administration portal without the ability to add, modify, or delete anything.

Delete content

It permits the user to delete backed-up items.

Table: End-User permissions

End-User settings

Description

End-User SharePoint stubbing restore

It permits an end-user to restore a stubbed item by clicking on it using the End-User portal.

End-User retrieval and download

It permits an end-user to download a stubbed item by clicking on it using the End-User portal.

End-user portal

It permits an end-user to perform the following action on the End-User portal:

  • Search for the required item.

  • Share items internally and externally.

  • Restore the items.

Table: Administration portal permissions

Administration portal settings

Description

Administration App

It permits the user to sign in to the Administration portal.

You can select the following checkboxes for the permissions you want to grant the user.

  • Manage permissions: It permits the user to manage permission and roles for other users.

  • Provisioning: It permits the user to perform the initial provisioning operations (used by the Cohesity Alta SaaS Protection team only).

  • View auditing: It permits the user to access the Auditing module and enable auditing as required.

  • Manage connectors: It permits the user to add connectors. Important: A user who is a member of a Custodian group should not be assigned this permission.

Manage Scope

It permits the user to view and manage Scopes.

  • If a user adds to a Scope and does not have Managed Scope permission, then the user can only see the connectors that are part of the Scope to which the user is added.

  • If the user is assigned with the Managed Scope permission (it does not matter if the user has Scopes), then the user can see all connectors, including those created using a Scope.

Analytics App

It permits the user to access the Analytics module.

Tagging App

It permits the user to access the Tagging module.

Discovery app

It permits the user to access the Discovery module.

You can select the following checkboxes for the permissions you want to grant the user:

  • Create cases: It permits a user to create Discovery cases.

  • All cases full admin: It permits a user to view and manage all Discovery cases with full rights.

Retention App

It permits the user to access the Retention module.

License App

It permits the user to access the License module.

System App

It permits the user to access the System module.

Chargeback App

It permits the user to access the Chargeback module.

Storage Tiering App

It permits the user to access the Tiering module.

Monitoring App

It permits the user to view the Monitoring module.

Table: API settings

API settings

Description

API

It permits the user to access a wide range of general API. This permission is required for all Service accounts.

API Blobless Archive

It permits the user to allow the Connector service to operate with the Blobless Archive option on a connector.

It is advisable to grant and use this permission solely in a drive-shipping scenario.

API Impersonation

It permits the user to impersonate another user by the API.

The Permissions tab lets you manage user access and roles, with options for user and group management, roles administration, managing unrecognized and external users.