Skip to main content

New resource default backup policy

Alcion allows administrators to configure backup protection for the resources it has already discovered.

This works well for initial configuration, but would require administrators to come back to Alcion to make configuration changes every time a new resource is discovered. This is both labor intensive and may lead to gap in backup protection in larger environments where resource provisioning is automated and doesn't always happen as a result of direct administrative action.

To address this pain point, Alcion allows administrators to set a backup policy that applies automatically whenever Alcion discovers a new resource. This setting is available, and independently configurable, from the Alcion UI page for each resource type.

info

Setting a default new resource backup policy doesn't impact any existing resources and their configuration, but only applies to newly discovered resources.

New user default backup policy by groups

For user resources, Alcion also allows setting up default policies based on membership in Microsoft 365 groups. When a default policy is set for a group, whenever Alcion performs resource discovery any resources that are newly discovered for the group will automatically get the default policy.

To prevent accidentally removing protection, Alcion doesn't remove a policy from a resource based on group membership changes.

Alcion will automatically provision licenses when resource types which require a license get a policy which allows them to be protected.

info

Setting up a default new user policy for a group, doesn't impact any users already in the group, but only applies to users that are newly discovered for the group.

New user default backup policy precedence

When different new user default policies are applied to groups, it's possible that the same new user is discovered in more than one of these groups. To disambiguate which default policy to apply, Alcion uses the precedence associated with each policy assignment. The user resource gets the policy with the highest precedence (lowest precedence number). The Alcion UI shows the groups and their associated new user default policies in order of precedence.

To illustrate the concept with an example, consider the configuration from the screenshot below. Although any user discovered by Alcion belongs to the All Users group, new users in the Finance and Legal groups will get a different policy with 7-year retention since these groups have higher precedence. Similarly any member of the Contingency Staff group will have the Excluded policy and won't be enabled for backups since that assignment has higher precedence than the All Users policy.

Default policy precedence exampleDefault policy precedence example

When a new user default policy is assigned to a group, the latest assignment automatically gets the highest (number 1) precedence. The UI also allows rearranging the precedence by dragging the groups.

note

For a given resource, the precedence rules are re-evaluated whenever the resource is newly discovered in any group with an assigned default policy. This means that if an administrator adds a users to a new group with a default, the user may not get the default policy associated with this specific group if the user also belongs to group with a higher precedence.

Bulk policy management

Alcion also allows bulk management of backup policies for existing resources. This can be done as follows:

  • Set All Backup Policies - for non-user resources, a chosen backup policy can be applied across all discovered resources of a given type with the exception of resources that are explicitly configured with the Excluded backup policy.

  • Set Policies By Group - for user resources, a chosen backup policy can be applied to one or more groups. The groups available for policy targeting are Microsoft 365 Groups (with or without a Team) and Microsoft Entra ID security groups. The policy will be applied on all users that are direct or transitive members of a selected group with the option to skip users that are explicitly configured with the Excluded backup policy.

  • Targeted Multi-Select - for all resource types, even more precise policy application can be performed by multi-selecting a subset of the resources listed on a page or returned by search.