Microsoft 365 Backups: Everything You Need to Know

Publication date: Jul 13, 2021

Last Published: Jul 22, 2021

Table of Contents
Read Time : 5 minutes

You’ve been reading about the importance of having a comprehensive backup strategy for a long time. You know that backups are essential to the continuity of your business, allowing you to recover lost data and resume normal operations after a disruption.

You also know that one of the biggest benefits of cloud services is improved business continuity since cloud vendors go to great lengths to protect customer data.

All this brings up the following question: Do you need to create Microsoft 365 backups using a third-party backup solution? The answer is not simple.

How Microsoft 365 Protects Against Data Loss?

Microsoft 365 (formerly Office 365) is a subscription-based service that includes Office apps, intelligent cloud services, and world-class security. There are plans for home users, small and medium-sized businesses, and large enterprises, and they all provide in-Geo data residency, business continuity, and disaster recovery for core customer data.

“To maintain reliability and high availability, Microsoft replicates customer data in at least two geographically distributed data center locations,” explains Julie Wang, Microsoft contingent staff.

This means that even if a major natural disaster completely destroys one data center where your data resides, your ability to do your work won’t be affected in any way because Microsoft 365 will seamlessly switch to a different data center.

Microsoft additionally implements strong measures to protect customer data from inappropriate access or use by unauthorized persons, includes restricting access by Microsoft personnel and subcontractors.

As such, you don’t really need to worry about data loss caused by one of Microsoft’s data centers experiencing a critical problem or a rogue employee sabotaging the servers your data reside on as an act of vengeance against Microsoft. All these potential data loss scenarios are comprehensively addressed, and it’s in Microsoft’s best interest to continuously validate and improve its security controls.

The situation becomes more complicated when talking about data deletion, both accidental and intentional.


6 Critical Cybersecurity Policies Every Organization Must Have

Retention Policies Are Not Backups

Many services included in Microsoft 365 have a Recycle Bin folder that makes it possible to restore deleted files for a certain amount of time since their deletion.

For example, deleted SharePoint Online items are retained for 93 days from the time you delete them from their original location, while Exchange Online retains deleted mailboxes for 30 days by default.

Microsoft 365 users can also take things a step further and manually define retention policies to preserve specific data for a set period of time, even then the data is deleted. This feature is great for businesses that are required by industry regulations, such as the Sarbanes-Oxley Act, to retain content for a minimum period of time.

To stop a rogue admin from disabling retention policies, Microsoft 365 users even have the option to activate the so-called retention lock, which locks a retention policy so that no one can turn it off.

But as useful as retention policies are, they don’t fully replace backups. Here are several reasons why:

  • They complicate compliance with the right to be forgotten requests from data protection regulations such as GDPR and California’s CCPA.
  • Point-in-time restores and the granular restoration of specific files are not always supported, as is the case with Exchange Online.
  • By relying solely on native data loss protection mechanisms included in Microsoft 365, you keep all eggs in just one basket, which goes directly against data backup best practices.
  • Retention policies can quickly cause you to use up all available storage space, forcing you to spend more money just so you can keep retaining your files.
  • Since Microsoft 365 doesn’t provide a unified data backup and recovery dashboard, there’s a substantial administrator cost associated with relying solely on its native data loss protection mechanism.

For these and other reasons, all businesses should at least consider using a third-party Microsoft 365 backup solution.

Avoid Data Loss with Third-Party Microsoft 365 Backup Solutions

While third-party Microsoft 365 backup solutions are not absolutely necessary, their benefits speak for themselves, and they include:

  • The ability to recover individual files from a specific date in the past.
  • Business continuity even during Microsoft 365 data outages.
  • The separation of your backups from your production platform.
  • Central management that simplifies administrative tasks.
  • Reduced recovery times with granular restores.

The last benefit alone makes third-party Microsoft 365 backup solutions worth their price because downtime can cost an SMB $8,000 to $74,000 per hour, according to a Ponemon Institute report. It goes without saying that it’s always better to pay a small, predictable monthly subscription fee than it is to lose several thousand dollars due to prolonged downtime whenever data loss occurs.

When choosing a third-party Microsoft 365 backup solution, you should focus on its features, ease of use, security, compliance, and, of course, price. These days, the sheer number of available options can almost be overwhelming, but you don’t have to choose between them alone.

At OSIbeyond, we provide comprehensive Managed IT Services to organizations in the Washington D.C., Maryland, and Virginia area, including Microsoft 365 implementation, management, and backups.

Get in touch with us so that we can help you protect your Microsoft 365 data.

Related Posts: