SkyKick - Cloud Backup Storage and Access

Note:
The information contained in this article has been provided by Cloud Direct's partner, SkyKick.

 

Where is the data stored?

Data is stored on Azure. If SkyKick's Azure storage is selected, you can select the location of the data centre where the backup will be housed, including US, Australia, Canada, Europe, Hong Kong, Japan, and Singapore. Partners who select another Azure storage can determine the data centre for each backup customer.

 

How Does Cloud Backup Use Global Admin Rights?

Global Admins for SharePoint and OneDrive for Business have the authority to grant themselves explicit access to all SharePoint Site Collections and OneDrive for Business Accounts. When a partner provides Global Admin Credentials when setting up SkyKick Cloud Backup, SkyKick technology uses that authority to explicitly grant the Global Admin access to all site collections and OneDrive for Business accounts that are included in the Cloud Backup subscription. This access is extended to any artefact which inherits permissions from that site collection and is necessary to enable the backup to occur.

 

Unlicensed Global Administrator Service Accounts Created by Cloud Backup

Purpose of the Global Admin Service Accounts

To improve backup and restore performance, Cloud Backup creates and uses unlicensed Global Administrator accounts. These reduce the impact of Office 365 throttling that occurs when too many simultaneous connections are made to a single tenant from the same user.

Note:
These accounts do NOT consume any licenses and thus do not cost anything, in either Office 365 or Cloud Backup.

 

Account Name

Display Name

Backup

zzO365BackupServiceAdmin@[tenantname].onmicrosoft.com

zz O365 Backup Service Admin

Restore

zzO365RestoreServiceAdmin@[tenantname].onmicrosoft.com

zz O365 Restore Service Admin

The number of these accounts that are created depends on the number of mailboxes, SharePoint sites, and/or OneDrive for Business accounts in the tenant at the time of the backup or restore.

Important:
These accounts, including their passwords, are created, used, and managed by the Cloud Backup service. Please do not change the email addresses, passwords or delete for these accounts. This will make them inaccessible to Cloud Backup, resulting in Alerts and a call to Support to resolve.

Visibility of the Global Admin Service Accounts

The Display Name of the Global Admin will be listed as an owner of every item that is being backed up. This may result in confusion when end users see the Global Admin suddenly appear as an owner of an item. It is therefore recommended that partners inform customers of this expected result and explain that it neither changes overall permissions nor grants access that was previously not authorized.

How to Provide a Custom Display Name for the Global Admin Service Accounts

You can further reduce end user confusion by creating a custom Display Name for the zz O365 Service Admins.

For new subscriptions: On the Add Subscriber page, in the System Credentials section, enter the desired display name in the Cloud Backup administrator (optional) field.

For previously created subscriptions: On the Settings page, in the System Credentials section, click the edit icon (pencil) in the upper right corner, and enter the desired display name in the Cloud Backup administrator (optional) field.

 

What kind of data security does SkyKick Cloud Backup offer?

Because your data never leaves the Azure environment you maintain all the inherent security of Azure. The data is encrypted at 128-bit during transit and 256-bit at rest within the Azure environment. For more information, see Cloud Direct knowledge article, KB0012368, SkyKick - Cloud Backup Security.