Working with application settings

Use these steps to configure notifications, administrators, and other tenant settings for the application:

  1. Log into Spanning Backup for Microsoft 365 as an admin user.
  2. Click Settings.
  3. Review the settings on each tab and modify as needed.
    Screenshot of the Settings page

See these topics for details:

Use the settings on the Auto-Protection tab to configure automated protection of your users and shared mailboxes.

Automated license assignment is one way to ensure user data is protected without delays. Spanning admins can specify which sets of users are automatically protected. Use these procedures to configure auto-protection settings for standard user licenses.

In the License Settings section on the Auto-Protection > Standard Licenses Settings tab, choose whether to enable these automated licensing features:

  • Automatically purchase Standard Licenses for new users – Use with auto-protection settings to automatically purchase standard licenses when needed, to ensure that each newly added user is protected with Spanning backups. You must also configure auto-protection settings to use this feature (see To configure Auto-Protection settings).
  • Enable Auto-Protect Settings – You must also configure auto-protection settings to use this feature (see To configure Auto-Protection settings).

Screenshot of the Auto-Protection Standard Licenses Settings tab

Auto-Protection settings (formerly known as group-based licensing) enable Spanning to automatically protect new users in your tenant via Azure Active Directory security group membership.

NOTE  There are multiple types of Azure groups. Spanning can license by security groups only.

If the Enable Auto-Protect Settings checkbox is selected in License Settings above, use this procedure to configure auto-protection settings:

  1. On the Auto-Protection > Standard Licenses Settings tab in the Auto-Protection section, click to expand Automatically assign Standard Licenses....

  2. Enable one of the following options:

  • To all new users – Automatically assigns licenses to every new user in the domain.
    Screenshot of the auto-protect all new users option

  • To all Microsoft-licensed users – Automatically assigns licenses to every new Microsoft-licensed user in the domain.
    Screenshot of the auto-protect all Microsoft-licensed users option

  • To the selected Groups: – Automatically assigns licenses to every new member of the groups you select.
    Screenshot of the auto-protect selected groups option

Click Select Groups, select one or more groups from the list, and click Add Group(s).
Screenshot of the group selection dialog for auto-protection

Groups are added and a confirmation message displays.

(Optional) Check the Automatically add new Groups to list box to add newly created groups to the list. Users in these newly created groups are automatically assigned licenses.
Screenshot of groups added to the auto-protection list

  • To all Groups except: – Automatically assigns licenses to every new member of all groups other than the ones you select.
    Screenshot of the auto-protect all groups except option

Click Select Groups, select one or more groups from the list, and click Add Group(s).
Screenshot of the group exclusion selection dialog for auto-protection

Groups are added and a confirmation message displays.

(Optional) Check the Automatically add new Groups to list to add newly created groups to the list. Users in these newly created groups are not automatically assigned licenses.
Screenshot of groups added to the auto-protection exclusion list

  1. (Optional) Exclude auto-assignment via keywords. If a user's email address contains any of the keywords added in this section, that user will not be automatically assigned a license.

Click to expand Exclude auto-assignment via keywords. Enter a keyword and click Add Keyword one at a time until the list of excluded keywords is populated as necessary.
Screenshot of the exclude auto-assignment via keywords section

  1. (Recommended) On the Notifications tab, enter a number in the Depletion Notification quantity field so that Spanning sends a notification when your available license count reaches the specified threshold. (See Notifications tab settings.) To stop receiving these notifications, set the quantity to zero (0).
  1. Auto-protection is enabled. Note the following:
  • Spanning checks the specified Azure Active Directory security groups for new users once a day. If a new user is found, Spanning assigns a standard license to that user if one is available.
  • Spanning does not automatically unassign licenses, even if users are removed from a security group or from Microsoft 365.
  • When a Spanning license is unassigned:
    • A user's data is removed permanently 60 days after the change is made.
    • If a license is re-applied within 60 days, backups resume and data is preserved based on the organization's current retention settings.
  1. (Optional) Check the Automatically purchase Standard Licenses for new users box above in the License Settings section to purchase standard licenses when needed, to ensure that each newly added user is protected with Spanning backups:
    Screenshot of the Auto-Protection Standard Licenses Settings tab

Spanning's archived protection is used to retain the backups of users and shared mailboxes.

On the Auto-Protection > Archived Licenses Settings tab, choose whether to enable the Automatically assign Archived Licenses for deleted users and shared mailboxes option. If enabled:

  • Archived licenses are automatically assigned to users that were deleted by Microsoft if there is an available license to assign.

  • Archived protection is applied to shared mailboxes that were deleted by Microsoft as follows:

  • Spanning Backup and Kaseya 365 subscriptions – These subscriptions include unlimited protection for shared mailboxes. Archived protection is applied to all deleted shared mailboxes.

  • Legacy Spanning Backup subscriptions – For each archived license purchased you can archive one user and you are allocated archived protection for one shared mailbox. Archived protection is applied to mailboxes as long as the amount remaining in your Shared Mailboxes Archive Pool is greater than zero:
    Screenshot of the Shared Mailboxes Archive Pool

NOTE  Configuration options vary by subscription type. If you have a Legacy Spanning Backup subscription, see Legacy Spanning Backup subscriptions below.

On the Auto-Protection > Shared Mailbox Settings tab, choose whether to enable the Enable Shared Mailbox Auto-Protect Settings option. If enabled, each newly added shared mailbox is automatically protected with Spanning backups.
Screenshot of the Auto-Protection Shared Mailbox Settings tab with Enable Shared Mailbox Auto-Protect Settings option

Legacy Spanning Backup subscriptions

For Legacy subscriptions, you can protect one shared mailbox for each standard user license purchased.

On the Auto-Protection > Shared Mailbox Settings tab, choose whether to enable these options:
Screenshot of the Auto-Protection Shared Mailbox Settings for Legacy subscriptions

  • Automatically purchase Standard Licenses for new shared mailboxes – Use with auto-protection settings to automatically purchase standard user licenses when needed, to ensure that each newly added shared mailbox is protected with Spanning backups. You must configure auto-protection settings to enable this feature (see To configure Auto-Protection settings).
  • Enable Shared Mailbox Auto-Protect Settings – Use to automatically protect newly discovered shared mailboxes with Spanning Backups. Protection is applied to shared mailboxes as long as the amount remaining in your Shared Mailboxes Pool is greater than zero:
    Screenshot of the Shared Mailboxes Pool count

Spanning runs daily automated backups of this data for each licensed user: Mail, Calendar, Contact, OneDrive, SharePoint, and Teams. On the Backup & Security tab, a backup tile displays for each of these backup types.
Screenshot of the Backup and Security settings tab showing backup type tiles

Review the backup tiles and modify these settings as needed:

  • Click a toggle to disable or enable a backup type for your Spanning Backup users.

NOTE  Teams Backup is disabled by default. While there is no additional cost for running Teams Backups, you must enable this feature manually. To enable Teams Backup, click to enable the toggle. You are then redirected to the consent screen for your tenant to add the permissions needed to enable Teams Backup. Once enabled it may take up to an hour for the permissions to be applied by Azure. For details, see Protecting Teams Channel Conversations.

  • For SharePoint Backup, choose whether to automatically backup all site collections. This ensures that newly added site collections are protected automatically. (To manually enable or disable backup of specific site collections, see To select site collections to back up.)
  • If Teams Backup is enabled, choose whether to automatically backup all Teams channels. This ensures that newly added channels are protected automatically. (To manually enable or disable backup of specific channels, see To select Teams channels to back up.)

Security settings display below the backup tiles. Review and modify these settings as needed:

  • Encryption Key – Shows whether backups are encrypted using Spanning encryption keys or self-managed encryption keys. To change this setting, contact KaseyaOne support.
  • API Token – Shows whether your account has an active API token.
    • If you'd like to access the Spanning Backup for Microsoft 365 API, you can enable your API token by clicking Generate API Token. Copy and save the token. You will need to supply this token for all API calls. For details on working with the Spanning API, see Spanning Backup for Office 365 API. If you are a Windows PowerShell user, you can use PowerShell to call the Spanning API, as described on the Spanning GitHub site.
    • If you do not want access to the API, click Revoke API Token.
      Screenshot of the security settings showing encryption key and API token options

Use these procedures to configure notifications:

Daily status notifications provide details about the backups performed in a 24-hour period. Global Admins or Spanning Admins can navigate to the settings page to enable or disable daily status notifications and also modify the email recipients list. Any changes to the email recipient list are also tracked in the Past items on the Activity page. By default, the installer of Spanning Backup of Microsoft 365 is added to the recipient list for daily status notifications.

To enable or disable status notifications:

  1. Log into Spanning Backup for Microsoft 365 as an admin user.
  2. In the Status Summary Emails section on the Settings > Notifications tab:
    • Enabled toggle indicates notifications are enabled
    • Disabled toggle indicates notifications are disabled
  3. Do any of the following:
    • Click Enabled toggle to disable notifications.
    • Click Disabled toggle to enable notifications.
    • Click Add + to add an email recipient.
    • Click X to remove an email recipient.
      Screenshot of the daily status email notification settings

For more on the daily status email, see this article: How do daily status notifications work in Spanning Backup for Microsoft 365?

Error Only Email enables external workflows for systems like BMS, ConnectWise, and Microsoft Power Automate. Any service that can take action on an inbound email can make use of Error Only Email. Use this procedure to configure an external address for receiving a plain text Error Only Email.

  1. Log into Spanning Backup for Microsoft 365 as an admin user.
  2. In the Error Only Email section on the Settings > Notifications tab, ensure that the feature toggle is enabled. If needed, click to enable the feature.
    • Enabled toggle indicates the feature is enabled.
    • Disabled toggle indicates the feature is disabled.
  3. Click Add + to add email recipients.
  4. (Optional) Modify the maximum number of errors to report daily by entering a new Flood Protection Quantity.
  5. (Recommended) Click Send Test Email to send a test email to the addresses in the list. This is useful for workflow testing.
  6. Click Save.
    Screenshot of the Error Only Email notification settings

In addition to unlimited retention, Spanning Backup for Microsoft 365 offers flexible tenant-wide retention for Mail, Calendar, Contacts, OneDrive, SharePoint, and Teams. If your organization requires backup retention rules that reflect your legal retention requirements, contact Support to enable this feature. Retention is based on the content's last modified date. Duration can be set differently for different workloads.

To view your retention settings, select the Settings > Retention tab.
Screenshot of the Retention settings tab

NOTE  To change these settings, contact KaseyaOne support.

Use this tab to manage Spanning user roles and permissions. Spanning Backup for Microsoft 365 includes these user roles:

  • Non-Admin User – The Spanning admin configures the permissions that are applied to their non-admin users. Depending on the configuration, users may be able to log into Spanning Backup and export their own backups. For details, see To configure Non-Admin Users.
  • Microsoft 365 Global Administrator – All Microsoft 365 Global Administrators are Spanning Administrators, who have full rights and privileges over all end users and other admins. Super Administrators can add any licensed Spanning user as a Spanning Administrator.
  • Spanning Administrator – Spanning Administrators have full rights and privileges over all end users and other admins.

See these topics for details on working with user roles and permissions:

Configure Non-Admin Users settings by choosing whether to allow your end users to:

  • Log in and use Spanning Backup for Microsoft 365.
  • Export their own data.
    Screenshot of the Non-Admin Users settings

Review your Backup Administrators settings. If needed, add or remove Spanning Administrators and as shown below.

To add a Spanning Administrator:

  1. Choose a user from the Spanning Administrators Select list.

NOTE  If you don't see your user in the list, license the user (see To assign licenses via the interface).

  1. Click Add Admin. Admin privileges are applied to the user.
    Screenshot of the Spanning Administrators section showing the Add Admin button

To remove Admin privileges from a user, locate the user in the Spanning Administrators list and click the user's X. Click OK to confirm. Admin privileges are removed from the user.
Screenshot of the Spanning Administrators section showing the remove admin option

Use this tab to manage integrations with other Kaseya modules.
Screenshot of the Settings Integrations tab

You can opt to:

  • Configure the Login with IT Complete setting to enable single sign-on to Spanning Backup for Microsoft 365 from VSA or UniView.
  • Configure both the Login with IT Complete and KaseyaOne Integration settings to enable seamless authentication to Spanning Backup for Microsoft 365 via KaseyaOne Unified Login. KaseyaOne Unified Login makes management of the Kaseya product line significantly easier for Managed Service Providers, SMBs and MMEs who use multiple Kaseya products. This alternate authentication also removes the requirement for Microsoft 365 Administrators to provide additional credentials to partners who manage their backups, further securing their Microsoft 365 tenants.

See these topics for details:

IT Complete single sign-on (SSO) enables administrators to log into Spanning Backup with their VSA, UniView, or KaseyaOne credentials:

  • If you are using VSA or UniView for multi-tenant management with Spanning Backup for Microsoft 365, enabling SSO from those applications is recommended to further secure your Microsoft 365 tenants and simplify account management. Start by ensuring that the Microsoft 365 tenant has been added to your UniView or VSA instance as described in Check for the Microsoft 365 tenant in UniView or VSA. Then enable Login with IT Complete as described in To enable Login with IT Complete for UniView or VSA.

  • To use KaseyaOne Unified Login for seamless authentication to Spanning Backup for Microsoft 365, see the To integrate KaseyaOne procedure to enable Login with IT Complete and configure Unified Login.

Before you enable IT Complete single sign-on, you must ensure that the Microsoft 365 tenant has been added to your UniView or VSA instance. For details, see the instructions below for the applicable VSA or UniView environment.

In VSA 10:

  1. Navigate to Modules > Integrations > Unitrends Backup and log into the UniView Portal.
  2. Navigate to the Dashboard > Spanning > Microsoft 365 tab and verify that your Microsoft 365 tenant displays in the list:
    Screenshot of the UniView Portal Microsoft 365 tenant list

If your tenant does not display in the list, add it as described in this topic in the UniView Portal Guide: Integrating a Microsoft 365 tenant.

In VSA 9:

  1. Select the SaaS Backup > Customers page.
  2. On the Microsoft 365 tab, verify that your Microsoft 365 tenant displays in the Company Name list:
    Screenshot of the VSA 9 SaaS Backup Customers page showing the Microsoft 365 tenant list

If your tenant does not display in the list, click Add Customer to add the tenant.

In the UniView Portal (2.0):

  1. Navigate to the Dashboard > Spanning > Microsoft 365 tab.
  2. Verify that your Microsoft 365 tenant displays in the list:
    Screenshot of the UniView Portal Microsoft 365 tenant list

If your tenant does not display in the list, add it as described in this topic in the UniView Portal Guide: Integrating a Microsoft 365 tenant.

In UniView 1.0:

  1. Select the SaaS Backup > Customers page.
  2. On the Microsoft 365 tab, verify that your Microsoft 365 tenant displays in the Company Name list:
    Screenshot of the UniView 1.0 SaaS Backup Customers page showing the Microsoft 365 tenant list

If your tenant does not display in the list, click Add Customer to add the tenant.

IMPORTANT  Before running this procedure, ensure that the Microsoft 365 tenant has been added to your UniView or VSA instance as described in Check for the Microsoft 365 tenant in UniView or VSA.

  1. Log into Spanning Backup for Microsoft 365 as an admin user.
  2. On the Settings > Integrations tab, enable the Login with IT Complete toggle.
    • Enabled toggle indicates the feature is enabled.
    • Disabled toggle indicates the feature is disabled.
      Screenshot of the Login with IT Complete toggle on the Integrations settings tab
  3. Log into your VSA or UniView instance and locate the tenant you just enabled for Login with IT Complete. Click the tenant's Manage icon icon to connect to your Microsoft 365 tenant in Spanning Backup.
  • In VSA 10: Navigate to Modules > Integrations > Unitrends Backup and log into the UniView Portal. Locate your tenant on the Dashboard > Spanning > Microsoft 365 tab. Click Manage icon.
    Screenshot of the manage tenant button in VSA 10 or UniView Portal 2.0
  • In VSA 9: Navigate to the SaaS Backup > Customers page. Locate your tenant on the Microsoft 365 tab. Click Manage icon.
    Screenshot of the manage tenant button in VSA 9
  • In the UniView Portal (2.0): Locate your tenant on the Dashboard > Spanning > Microsoft 365 tab. Click Manage icon.
    Screenshot of the manage tenant button in VSA 10 or UniView Portal 2.0
  • In UniView 1.0: Navigate to the SaaS Backup > Customers page. Locate your tenant on the Microsoft 365 tab. Click Manage icon.
    Screenshot of the manage tenant button in UniView 1.0
  1. You are logged into Spanning Backup with your VSA or UniView account.

NOTE  While logged in to Spanning Backup through IT Complete, all activity is audited and listed on the Activity page under your VSA or UniView identity.

IMPORTANT  Running this procedure disables these features: SSO from UniView, SSO from VSA, and KaseyaOne Unified Login. Users that had been accessing Spanning Backup with their UniView, VSA, or KaseyaOne credentials will need to log in with their Spanning Backup credentials. Ensure that your Spanning Backup users are prepared before making this change.

  1. Log into Spanning Backup for Microsoft 365 as an admin user.
  2. On the Settings > Integrations tab, disable the Login with IT Complete toggle.
    • Disabled toggle indicates the feature is disabled.
    • Enabled toggle indicates the feature is enabled.
      Screenshot of the Login with IT Complete toggle disabled on the Integrations settings tab

As a Kaseya customer, you may be subscribed to more than one of our IT Complete modules. Rather than keeping track of different sets of login credentials for each module, you can use KaseyaOne's Unified Login feature so that users can access their modules by using a single KaseyaOne account.

To enable seamless authentication to Spanning Backup for Microsoft 365 via KaseyaOne Unified Login, use these steps to link your Microsoft 365 tenant to your KaseyaOne organization:

NOTE   This procedure requires Microsoft 365 Global Administrator credentials and KaseyaOne Master role credentials.

  1. Log into Spanning Backup for Microsoft 365 as a Global Administrator.
  2. On the Settings > Integrations tab, enable the Login with IT Complete toggle.
    • Disabled toggle indicates the feature is disabled.
    • Enabled toggle indicates the feature is enabled.
  3. In the KaseyaOne Integration tile, click Link Organization. You are redirected to the Microsoft 365 Login page.
    Screenshot of the KaseyaOne Integration tile with the Link Organization button
  4. Log into Microsoft 365 with your Global Administrator account. You are redirected to the KaseyaOne Login page.
    Screenshot of the Microsoft 365 sign-in page
    Screenshot of the Microsoft 365 permissions page
    Screenshot of the Microsoft 365 permissions page
    Screenshot of the Microsoft 365 permissions page
  5. Log into KaseyaOne as a Master role user.
    Screenshot of the KaseyaOne sign-in page
    Screenshot of the KaseyaOne authentication page
    Screenshot of the KaseyaOne authentication completion
  6. You are redirected to Spanning Backup, where you can see that the integration has been added.
    Screenshot of the Settings Integrations tab showing the KaseyaOne integration added

NOTES  
  • After the integration is added, any KaseyaOne user with access to Spanning Backup for Microsoft 365 can log into the Spanning tenants that are linked to this KaseyaOne instance. (See these KaseyaOne topics for more on how to set up access to Spanning Backup for KaseyaOne users: Spanning system groups and Modify a group.)
  • While logged in to Spanning Backup through KaseyaOne Unified Login, all activity is audited and listed on the Activity page under the user's KaseyaOne identity.

IMPORTANT  Running this procedure disables KaseyaOne Unified Login. Users that had been accessing Spanning Backup with their KaseyaOne credentials will need to log in with their Spanning Backup credentials. Ensure that your Spanning Backup users are prepared before making this change.

  1. Log into Spanning Backup for Microsoft 365 as a Global Administrator.
  2. On the Settings > Integrations tab, click X in the KaseyaOne Integration tile to unlink the organization.
    Screenshot of the KaseyaOne Integration tile with the remove integration option

From the UniView Portal, you can manage all of your Unitrends Unified Backup products in one centralized location, streamlining your workflows to maximize efficiency. Integrating your Microsoft 365 tenant enables you to check the status of the tenant's recent backups, receive alerts for failed or partial backups, allocate licenses, upgrade from a Spanning trial to a paid subscription, and view license and storage information— right from UniView.

To get started, use the UniView Portal interface to add the Spanning Backup integration, as described in Integrating a Microsoft 365 tenant. Once your tenant has been added, information is synced hourly from Spanning Backup. Use the UniView Portal to work with this data, as described in Working with the Microsoft 365 view.

Don't have access to the UniView Portal? Contact your Account Manager or Support to set up your free account.

Using the legacy UniView 1.0 Portal? Use the procedure below to migrate to UniView Portal 2.0.

NOTE  You must be running UniView Portal 2.0 to integrate Spanning Backup. Integration is not supported for the legacy UniView 1.0 Portal.

Use this procedure to migrate from your VSA 9 TAP module or from your stand-alone UniView Portal 1.0 instance.

  1. Contact your Account Manager or Support to set up your free UniView Portal 2.0 account.

IMPORTANT  Do not proceed with this migration procedure until your UniView Portal 2.0 account has been created.

  1. Log into VSA 9 or your stand-alone UniView Portal 1.0 instance as an admin user.

  2. Go to the SaaS Backup module, then select Customers.

  3. Click Migrate to initiate the migration process.
    Screenshot of the Migrate button in the VSA 9 SaaS Backup moduleScreenshot of the Migrate button in UniView Portal 1.0

  4. You are directed to UniView Portal 2.0. Log in to start migrating your clients.

  5. The migration process can take anywhere from one to 24 hours to complete for all clients. When migration is complete, get started with UniView Portal 2.0 by adding your Microsoft 365 tenants as described in Integrating a Microsoft 365 tenant.