I've used Active Backup and never would have guessed it worked like that. Although, the MS365 security and permissions are so complex that I don't have a hope in hell of understanding them. The suggestions to do your own auditing in that post are moot because the target audience for something like a Synology doesn't have the resources or the ability to do that kind of assessment.
For me, I saw the permissions request along with the 'Synology Active Backup for MS365' app registration in my tenant and assumed everything was local to my tenant and NAS. The redirect back to the private LAN IP of the NAS also makes it seem like the communication is between the NAS and MS only.
I can't even tell if the issue has been fixed.
Ignoring the security stuff, my experience with Synology Active Backup for MS365 as a product hasn't been good for OneDrive backups. I have one setup where I reconcile the backup repo against a live (paused to get a consistent point in time) data set that's synced by the OneDrive client.
The Synology Active Backup for MS365 never reconciles correctly. Some files will randomly have things like '(1)' appended. Some files are simply missing. It seems to struggle with certain characters that Windows and OneDrive allow in filenames. For example, dots (.) appear to be problematic.
I monitor it and once it gets to the point where I think we'd suffer an intolerable amount of data loss if needing to restore, I delete it and restart it.
I would strongly encourage anyone relying on it to take the time to reconcile your OneDrive backups against a set of known good data. Pause your OneDrive syncing, restore the backup into a temporary folder, and use something like Beyond Compare [2] to compare the two directories. You can also map a network drive directly to storage location on the NAS which makes it very convenient to reconcile.
VEEAM used to have the same kind of issues with files missing for no reason, but they seem to be better lately if you ignore the way they append the version number to name of every (versioned) file restored (OMG why?). VEEAM has very slow restores and is much more difficult to reconcile due to the modified file names on restore.
Microsoft won't take responsibility for data loss "in the cloud" and the backup solutions all suck pretty bad IMO. Some of the blame for this kind of thing should fall to Microsoft. They've made everything too complex to be reliable.
I've used Active Backup and never would have guessed it worked like that. Although, the MS365 security and permissions are so complex that I don't have a hope in hell of understanding them. The suggestions to do your own auditing in that post are moot because the target audience for something like a Synology doesn't have the resources or the ability to do that kind of assessment.
For me, I saw the permissions request along with the 'Synology Active Backup for MS365' app registration in my tenant and assumed everything was local to my tenant and NAS. The redirect back to the private LAN IP of the NAS also makes it seem like the communication is between the NAS and MS only.
I can't even tell if the issue has been fixed.
Ignoring the security stuff, my experience with Synology Active Backup for MS365 as a product hasn't been good for OneDrive backups. I have one setup where I reconcile the backup repo against a live (paused to get a consistent point in time) data set that's synced by the OneDrive client.
The Synology Active Backup for MS365 never reconciles correctly. Some files will randomly have things like '(1)' appended. Some files are simply missing. It seems to struggle with certain characters that Windows and OneDrive allow in filenames. For example, dots (.) appear to be problematic.
I monitor it and once it gets to the point where I think we'd suffer an intolerable amount of data loss if needing to restore, I delete it and restart it.
I would strongly encourage anyone relying on it to take the time to reconcile your OneDrive backups against a set of known good data. Pause your OneDrive syncing, restore the backup into a temporary folder, and use something like Beyond Compare [2] to compare the two directories. You can also map a network drive directly to storage location on the NAS which makes it very convenient to reconcile.
VEEAM used to have the same kind of issues with files missing for no reason, but they seem to be better lately if you ignore the way they append the version number to name of every (versioned) file restored (OMG why?). VEEAM has very slow restores and is much more difficult to reconcile due to the modified file names on restore.
Microsoft won't take responsibility for data loss "in the cloud" and the backup solutions all suck pretty bad IMO. Some of the blame for this kind of thing should fall to Microsoft. They've made everything too complex to be reliable.
1. https://oauth.net/2/grant-types/client-credentials/
2. https://www.scootersoftware.com/