Creating a new connection to SharePoint
CodeTwo Backup allows you to connect to multiple SharePoint servers, both online (Office 365) and on-premises. You can configure the connection when creating a new backup job or directly from the program’s Dashboard, by clicking the Settings button (
) on the Defined server connections card and selecting New > SharePoint connection (Fig. 1.).
Fig. 1. Creating a new SharePoint connection.
The SharePoint connection wizard will open (Fig. 2.). In the Server location step of the wizard, you can choose between connecting to:
Fig. 2. The SharePoint connection wizard.
Once you make your selection, click Next to proceed.
Connecting to SharePoint Online (Office 365)
In the Office 365 cloud step, select if you want to connect to the Office 365 global (or simply Office 365) or Office 365 Germany cloud (Fig. 3.). Since Office 365 and Office 365 Germany are completely independent clouds, it is not possible to use the Office 365 credentials to log in to Office 365 Germany and vice versa. If your SharePoint server URL ends with .de, for example https://<my-company>.sharepoint.de, you’re using the Office 365 Germany cloud. Read more about Office 365 Germany.
Fig. 3. Selecting the Office 365 cloud.
In the Server address step, you need to provide the URL to your SharePoint Online organization. You can simply replace <mycompany> in the SharePoint server URL field with the actual name of your domain (also known as the organization's name). For example, if your domain name is company.onmicrosoft.com or company.com, SharePoint server URL is https://company.sharepoint.com (Fig. 4.). The Admin center URL field will be populated automatically, based on your SharePoint server URL.
Fig. 4. Providing URLs of your SharePoint Online site.
In the next step, enter the credentials of an Office 365 admin account (Fig. 5.). This account will be used to connect to your SharePoint site, so it needs to have appropriate access rights. Make sure that this account is assigned the SharePoint administrator role.
Fig. 5. Providing an Office 365 admin credentials.
Important
If this admin account has multi-factor authentication (MFA) enabled, use the app password instead of the regular Office 365 password. Otherwise, the configuration will fail. Learn more.
The connection to SharePoint Online is additionally secured by the OAuth 2.0 authorization protocol. Because of that, you need to register the program in Azure Active Directory of the Office 365 tenant whose SharePoint and OneDrive for Business data you want to back up. The registration can be performed:
- Automatically by CodeTwo Backup,
- Manually in the Azure Active Directory admin center.
Automatic registration
In the Application registration step of the connection wizard, select Automatic registration and click Log in as Office 365 admin (Fig. 6.).
Fig. 6. Automatic registration of CodeTwo Backup in Azure AD.
On the Microsoft sign-in page, enter the credentials of your Office 365 tenant's global admin account. When prompted, grant the required permissions to CodeTwo Backup. These are necessary for the program to be able to back up and restore data from and to your SharePoint Online and OneDrive for Business environment (Fig. 7.).
Fig. 7. Granting the necessary permissions to CodeTwo Backup.
CodeTwo Backup will be registered as CodeTwo Backup SharePoint in your Azure AD and signed with a unique certificate.
Important
A new CodeTwo Backup SharePoint entry will be registered in your Azure AD each time you configure a new connection to Office 365 by using the Automatic registration option. To avoid having multiple registration entries in your tenant, edit the existing connection. If you now select the Manual registration option, all the necessary registration details will be filled out in the Application details step.
The CodeTwo Backup SharePoint registration entry will remain in your Azure AD even if you delete the server connection that has created this entry, or if you uninstall the program from your machine. If you want to delete the CodeTwo Backup SharePoint entry, you need to do so manually by following these steps.
Manual registration
You can register CodeTwo Backup manually in your Azure Active Directory by following the steps provided in this Knowledge Base article. Once done, select Manual registration in the Application registration step of the server connection wizard (Fig. 8.) and click Next.
Fig. 8. Select this option if you want to register CodeTwo Backup in your Azure AD by yourself.
In the Application details step, provide the following information:
- Dedicated application account – the email address of any user from your Office 365 tenant. This account is used get the necessary information about the tenant (name, domain, etc.).
- Client ID – a unique identifier (GUID) assigned to CodeTwo Backup after the program has been registered in your Azure AD. To get this ID, log in to the Azure Active Directory admin center, go to Azure Active Directory > App registrations and select the entry under which you have registered CodeTwo Backup. The ID is found on the Overview page, under Application (client) ID (Fig. 9.).
- Tenant ID – a unique identifier (GUID) assigned to your Office 365 tenant. You can find it on the same Overview page as shown in Fig. 9., under Directory (tenant) ID.
- Certificate thumbprint or Client secret generated in Azure AD to authenticate CodeTwo Backup. You need to provide only one of these credentials. You can add or view certificates and client secrets (app passwords) in the Azure Active Directory admin center, on the Certificates & secrets page of the registered application (Fig. 10.).
Fig. 9. The client and tenant ID assigned to CodeTwo Backup in Azure AD.
Fig. 10. The location of a certificate thumbprint (A) and client secret (B) in Azure AD.
To be able to use a certificate, it needs to be signed with a 2048 bits key and placed in the CurrentUser\My store of the account under which the CodeTwo Backup Service runs. You can use the Import button to install the certificate in the correct store (use the Import certificate window for that purpose, as shown in Fig. 11.). If the certificate is already installed in that store, you can simply provide its thumbprint in the Certificate thumbprint field.
Fig. 11. Importing the certificate associated with CodeTwo Backup.
Client secret is generated in the Azure Active Directory admin center for each registered application, on the Certificates & secrets page (see Fig. 10. above). Be sure to copy it to the clipboard and paste in the right field in the server connection wizard (Fig. 12.). You will not be able to see (or copy) that credential once you leave the Certificates & secrets page.
Fig. 12. Application registration details filled out in the SharePoint connection wizard.
In the last step, Configuration, the program will attempt to connect to your SharePoint server based on the data provided in the previous steps of the wizard. Click Configure and wait for the results (Fig. 13.). During this process, the program is registered in your AD (if you have chosen the Automatic registration option) and tries to enumerate SharePoint site collections and connect to one of them.
Fig. 13. The window informing about a successful connection to SharePoint Online.
If you get any errors instead, consult the Troubleshooting section.
Important
After closing the connection wizard, you also need to click OK in the Manage server connections window (Fig. 14.) to save your connection. This will automatically close the window and store your settings. Otherwise, the connection will not be saved, and you will have to start from the beginning.
Fig. 14. Confirming the connection settings.
Click Finish to close the wizard. Your connection will be listed on the Defined server connections card.
Connecting to on-premises SharePoint server
In the Server address step, you need to specify your SharePoint server URL (Fig. 15.). The URL must include the (http or https) and FQDN (fully qualified domain name) of your server, e.g. https://sharepoint_server.com. The Central Administration URL field will be populated with data from the SharePoint Server URL field. You just need to provide the port number of the SharePoint Central Administration web application.
Info
This port number is configured when deploying SharePoint on your server.
Fig. 15. Providing SharePoint server URL.
In the next step, provide the server’s administrator User Principal Name (UPN) and password (Fig. 16.). Enter the UPN manually or select it from your Active Directory by clicking the Browse button.
Important
The Browse button can only be used to list the UPNs of administrators from the same domain or from different trusted domains. If you want to use a UPN from an untrusted domain, you will have to type it manually.
Keep in mind that this admin must fulfill specific requirements and have certain access rights. Learn more.
Fig. 16. Providing admin’s credentials.
In the last step, Configuration, the program will attempt to connect to your SharePoint based on the data provided in previous steps of the wizard. To start the verification process, click Configure. During this process, the program tries to enumerate site collections with PowerShell and connect to any SharePoint site collections and Central Administration service. If the configuration is successful, you will see the following information (Fig. 17.):
Fig. 17. The window informing about a successful connection to on-premises SharePoint server.
If you get any errors instead, consult the Troubleshooting section.
Important
After closing the connection wizard, you also need to click OK in the Manage server connections window (Fig. 18.) to save your connection. This will automatically close the window and store your settings. Otherwise, the connection will not be saved, and you will have to start from the beginning.
Fig. 18. Confirming the connection settings.
Click Finish to close the wizard. Your connection will be listed on the Defined server connections card.