Data owner restore protection

Bacula Systems is aware about one of many privacy concerns that may arise when tools like this M365 Plugin enables the possibility to backup and restore data coming from different users, so the backup administrator can restore potentially private data at will. To address this concern, Bacula Enterprise Microsoft 365 Plugin includes the Owner restore protection feature.

This feature is enabled at configuration time with the parameter ‘owner_restore_protection’ (please check the Configuration section of this document for further information). Once it is enabled, any restore operation to a different user than the original owner will trigger the intervention of the owner of the data. The restore job will be paused and a message asking to enter a Microsoft 365 page and enter a code will be logged in the joblog. A similar message will also be sent via email to the affected user:

Restore Operation Request

Restore Operation Request example

If the user does not confirm the operation within 15 minutes, the restore will fail and no data will be restored. However, if the user knows that operation and wants to approve it, as soon as the owner credentials are confirmed, the restore will resume and the data will be processed as usual and restored to any configured destination.

Note

This feature is available starting with version 14.0 of Bacula Enterprise