Cohesity Alta SaaS Protection Administrator's Guide
- Introduction to Cohesity Alta SaaS Protection
- Cohesity Alta SaaS Protection Copilot (AI chatbot)
- Cohesity Alta SaaS Protection Administrator portal (Web UI)
- Supported SaaS workloads
- Workflow to protect data using Cohesity Alta SaaS Protection
- Manage users and roles
- API permissions
- What is a connector?- What is a connector?
- About transient errors
- Overview of adding connectors
- Configure General settings
- Configure Capture scope
- Configure User filter
- Configure Group filter
- Configure Folder filter
- Configure credentials
- Configure Custom backup policy and guidelines
- Configure Delete policy for SharePoint Online and guidelines
- Configure Stubbing policy
- Guidelines to configure Stubbing policy for SharePoint Online
- Schedule a backup
- Configure email addresses to get notifications
- Review configuration and edit/save/initiate backup
- Connectors page
- Connector status
- Edit connector configuration
- Delete connectors
 
- Pre-requisites to setup protection for M365
- Protect Microsoft 365 Multi-Geo tenant
- Protect Exchange Online data
- Protect SharePoint sites and data- Setting up SharePoint Online protection with Cohesity Alta SaaS Protection
- Backup and restore support for SharePoint Online
- End-user SharePoint data access in Cohesity Alta SaaS Protection
- Run the Delete and Stubbing policies to the SharePoint Online environment
- Backup limitations for SharePoint Online
 
- Protect Teams sites
- Protect OneDrive data
- Protect Teams chats
- Protect GoogleDrive data
- Protect Gmail data
- Protect Audit logs
- Protect Salesforce data and metada
- Protect Entra ID objects
- Protect Box data
- Protect Slack data
- Protect Email/Message data
- Configure Retention policies
- Perform backups
- View and share backed-up data
- Analytics- About analytics
- Analytics page and refresh behavior
- Aggregation buckets
- Gain insights into storage utilization
- Gain insights into storage utilization for Entra ID and Salesforce connectors
- Gain insights into blocked activities, most active users, and more
- Gain insights into data volume (size and item count) on legal hold
- Gain insights into data volume (size and item count) saved in different Enhanced cases
- Gain insights into data volume (size and count) under different policies
- Gain insights into data volume (size and item count) under different Tags
- Gain insights into data volume (size and item count) under different Tags behaviors
- Gain insights into storage savings after deduplication and compression
- Gain insights into data ingestion trends
 
- Perform restores using Administration portal- About restore
- Prerequisites for restore
- Restore Exchange Online mailboxes
- Restore SharePoint/OneDrive/Teams Sites and data
- Restore Teams chat messages and Teams channel conversations
- Restore O365 audit logs
- Restore Box data
- Restore Google Drive data
- Restore Gmail data
- About Salesforce Data, Metadata, and CRM Content restore and Sandbox seeding- Guidelines for Schema changes in Salesforce organization to prevent restore failures
- Restore Standard and Custom objects (Structured data restore)
- Custom Object restore - post processing steps
- Restore specific Records (Structured data) using Query filters
- Restore Salesforce CRM Content (Unstructured data restore)
- Restore Salesforce files/documents in Public/Shared libraries (Unstructured data restore)
- Limitations of Salesforce Data restore
- Salesforce Objects not supported for restore
- Key considerations for Salesforce Metadata restore
- Restore Salesforce Metadata
- Limitations of Salesforce Metadata backup and restore
 
- About Entra ID (Azure AD) objects and records restore
- Restore Slack data
- Restore data to File server
- Set default restore point
- Configure Restore all, Restore all versions, Point-in-time, and Specific range restore options
- Configure email addresses for notifications
- Downloading an item
 
- Restore dashboard
- Install services and utilities- About services and utilities
- Pre-requisites to download and install services and utilities
- Downloading services and utilities
- Where to install the services and utilities
- Installing or upgrading services and utilities
- Configuring service accounts for services and utilities
- About the Apps Consent Grant Utility
 
- Discovery
- Configure Tagging polices
- Configure Tiering policy
- Auditing
- Manage Stors (Storages)
End-user SharePoint data access in Cohesity Alta SaaS Protection
End users can access Cohesity Alta SaaS Protection data either directly by the End-User portal or indirectly by stubs. End-users can only access data in Cohesity Alta SaaS Protection for which they have permissions at source. Cohesity Alta SaaS Protection captures this information while taking a backup. This section explains how access details at source are replicated in Cohesity Alta SaaS Protection for SharePoint/OneDrive and Teams Sites.
See Guidelines to configure Stubbing policy for SharePoint Online.
- By default, Cohesity Alta SaaS Protection captures only access information for site, list, and folder level permissions from the source. - To capture access information at item level, contact support. 
- Cohesity Alta SaaS Protection only captures access details for users who have SharePoint direct-access permissions. 
- When permissions change at the source, changes in Cohesity Alta SaaS Protection are only reflected when the connector successfully backs up the source at its scheduled time. 
- Cohesity Alta SaaS Protection only allows access to files for end-users or groups with the SharePoint permission levels that include the following list permissions: - Open items: Mapped to Cohesity Alta SaaS Protection Read, end user can preview, download, and restore files from the End-User portal or download and restore files from stub. 
- Edit items: Mapped to Cohesity Alta SaaS Protection Write, there are no Cohesity Alta SaaS Protection operations which use this for now. 
- Delete items: Mapped to Cohesity Alta SaaS Protection Delete, there are no Cohesity Alta SaaS Protection operations which use this for now. 
 
- If a user or group has SharePoint permission level with any other permission, then access will not be permitted. For example: - For a SharePoint permission level with only the or permissions, access will not be permitted. Default SharePoint permission levels that use only permission include , , and . - When files are stubbed, users with these permission levels will not be able to access the files from the stub. 
- SharePoint permission levels also generally does not contain the permissions, so such access to users with such permissions in Cohesity Alta SaaS Protection will not be permitted. 
 
- Directory synchronization should be configured as part of the Cohesity Alta SaaS Protection on-boarding process. 
- Cohesity Alta SaaS Protection requires directory synchronization for resolving SharePoint permissions, which are assigned to Entra groups and teams, and permissions, which are given to users with only a UPN and no email address. 
- Directory synchronization by Cohesity Alta SaaS Protection happens once a day. There can be intermittent access issues when changes have been made in Entra to a user or a group and a synchronization has not taken place. 
- Some changes/configurations in Entra can cause issues when doing directory synchronization in Cohesity Alta SaaS Protection, which can cause the end-user to not be able to access files either through the End-User portal or stubs. Contact support in such scenarios. - For example, frequent UPN changes - After User Principal Name change, end users are unable to download SharePoint items from End-User Portal. (veritas.com). - When a UPN is configured as a proxy email address for another user. 
 
- It is required to synchronize the entire directory with Cohesity Alta SaaS Protection, rather than parts to avoid access issues for end users. 
- If Cohesity Alta SaaS Protection backs up two different AD tenants with shared users (for example, a user in Tenant A is also an external user in Tenant B), permission issues can arise when accessing items assigned to shared users. 
- Site Administrators have full access to items in Cohesity Alta SaaS Protection. 
- For permission at the source with an AD group or Team members, a single permission for that AD Group or Team is created. 
- For permission at the source with a SharePoint group or Team owners, one permission per group member/owner is created in Cohesity Alta SaaS Protection. - Permissions for 'Everyone', 'NT AUTHORITY\authenticated users', 'Everyone except external users' are mapped to a built-in Cohesity Alta SaaS Protection system group called 'All Internal'. - This will grant access to all end-users (including external users in Microsoft Entra) synchronized to Cohesity Alta SaaS Protection by the directory synchronization process to that item. 
- If multiple Microsoft 365 tenants are being backed up then end users in Cohesity Alta SaaS Protection across all tenants will get access to the item. 
 
- Permissions for the 'Company Administrators' group are not synchronized to Cohesity Alta SaaS Protection as Cohesity Alta SaaS Protection does not support such a group. 
For OneDrive content, Cohesity Alta SaaS Protection synchronizes permissions only for the user who owns the OneDrive. So, from the Cohesity Alta SaaS Protection End-User portal and stubs within OneDrive, only the user to whom the OneDrive belongs can access the content.
- Currently, permissions granted by sharing links are not supported for Teams, SharePoint, and OneDrive.