Skip to main content
Get started with Groups Data Protection

Protect Groups and its sub-apps data

Updated yesterday

License editions : To understand the applicable license editions, see Plans & Pricing .


With the increasing adoption of Groups for easy collaboration, it is essential to safeguard this critical data from corruption, compromise, or loss. To safeguard your Group data, Druva cloud is the perfect solution. It ensures the integrity of data by protecting it from ransomware and providing hassle-free backup and recovery.

πŸ’‘ Tip

Refer to the video-based Quick Reference Guide to get started with Groups.


Let's look at the benefits of using the Druva cloud for group data protection.

  • Recover the Group data and avoid any business disruptions caused by data loss in case of accidental deletion or ransomware attack.

  • Auto-configuration and retention settings that help reduce time and efforts to protect Group data.

  • One-time configuration to secure, manage, track, monitor, and get notified of compliance risks of group data in your organization.

Supported Microsoft 365 editions

Druva Cloud supports the following Microsoft 365 editions:

  • Microsoft 365 For Business

    • Microsoft 365 Business Basic

    • Microsoft 365 Business Standard

    • Microsoft 365 Business Premium

  • Microsoft 365 For Enterprise

    • Microsoft 365 E3

    • Microsoft 365 E5

    • Microsoft 365 F3

  • Office 365 For Enterprise

    • Office 365 E1

    • Office 365 E3

    • Office 365 E5

  • Government

    • Office 365 E1

    • Office 365 E3

    • Office 365 E5

  • Education

    • Office 365 A1

    • Office 365 A3

    • Office 365 A5

Data backed up for Groups

The data backup is supported for the following group types:

  1. Microsoft 365 groups

  2. Distribution groups

  3. Security groups

  4. Mail-enabled security groups

Private and public group data are also backed up.

The backup includes the following components:

Groups Metadata

Name, email, type, membership type, privacy, created on, members and owners, groups settings, the sensitivity label

πŸ“ Note

  • The owners of distribution groups and mail-enabled security groups are not backed up.

  • The Microsoft 365 group user context property isSubscribedByMail is not backed up.


All sites and subsites content, document libraries, lists, pages, and all metadata.


Planner settings include Pin/unpin settings, Backgrounds, Groups, Group Descriptions, Privacy, Sensitive Labels, and Group email settings.

πŸ“ Note

Graph API does not support the backup of Background and Notification Settings from the Planner Settings.

Supported tasks for Groups

The following table displays the various tasks that you can perform for Groups by using Druva Cloud:

Required roles and permissions for access to Groups

For more information about the required permissions to access and protect Group data, see Microsoft 365 App Permissions for Druva App.

Unified data protection for Groups and Teams

Groups serve as the parent app to streamline the backup and restore process, while SharePoint and Teams are associated with it as their sub-apps. This means that while you back up or restore Groups data, any associated SharePoint sites and Teams data, including private channels and sites, are also included.


Backup and retention settings

The backup and retention settings with respect to unified data protection are explained below.

What happens to the existing configuration post-upgrade?

  • By default, the backup and retention settings specified at the Microsoft 365 Group level will automatically apply to the Teams and SharePoint sites associated with that group. This applies to both Teams Sites and Private Channel Sites.

  • The current backup and retention settings defined in the Microsoft 365 Group Auto-Configuration will be applied to the associated Teams and SharePoint sites.

  • Individual Sites and Teams with custom backup settings (backup frequency & retention settings) will follow the backup settings of the associated Group.

  • Inclusions and Exclusions defined at Group and Teams site backup settings will be retained.

  • Data Lock settings will be retained.

What changed?

  • The backup frequency and retention settings specified for Groups will also be applicable to the associated SharePoint sites and Teams.

  • The configuration settings specified in Groups cannot be modified in SharePoint and Teams. However, if a SharePoint site or Team is not associated with a Group, its settings can be configured from SharePoint and Team.

  • Only configured Groups can be enabled and disabled, and consequently, their associated SharePoint sites and Teams will also be enabled and disabled.

  • Configured and non-configured Groups can be deleted; however, the associated SharePoint sites and Teams will be deleted only for the configured Groups. The associated SharePoint sites and Teams will not be deleted for non-configured Groups.

  • If you enable Data lock for the parent Groups, it will also be enabled for the associated SharePoint sites and Teams.

  • Enable, Disable, and Delete operations will not be available at the Teams or Site Level if the parent Group is configured for backup.

What remains unchanged?

  • The backup configuration for SharePoint sites will not change if no parent Groups or Teams are configured for backup. SharePoint sites can be configured for backup independently, and configuration at the individual site level is applicable.

  • There is no change to the app-wise backup monitoring and restore workflows.

Groups and sub-apps behavior in inSync

The following table explains different workflows related to Groups and their associated Teams and SharePoint sites.

1. Discovery

Groups: All Groups are discovered

Teams: Associated Teams are discovered

SharePoint: Associated SharePoint sites are discovered

πŸ“ Note

  • For a multigeo-enabled tenant, the SharePoint site URL will not be updated when a group is moved to another region after the group discovery; it will be updated only through SharePoint discovery.

  • If you rename the Private Channel Site from Microsoft 365, it will not be renamed on inSync after group discovery.

  • If you are adding a new private channel site on Microsoft 365, it will not be discovered through group discovery.

2. Configuration

Groups: All Groups are configured

Teams: Group configuration will override Teams configuration

SharePoint: Group configuration will override SharePoint configuration

3. Data Lock

Groups: The group is data-locked

Teams: Group settings will be applied

SharePoint: Group settings will be applied

πŸ“ Note
If a Team or a site is configured with data lock enabled and you configure the parent Group with data lock disabled, then the Team or site remains data locked.


4. Schedule, Retention, Include-exclude settings

Groups: Teams settings will be applied

Teams: The Group settings will be applied

SharePoint: TheGroup settings will be applied

5. The group is not configured

Groups: The Group is configured

Teams: Teams settings will be applied. If the Team is not configured, SPO settings will be applied.

6. Enable, disable, delete

Groups: Group is marked enabled, disabled, and deleted

Teams: Associated Teams will be marked enabled, disabled, and deleted respectively

SharePoint: Associated SPO sites will be marked enabled, disabled, and deleted respectively


Did this answer your question?