Microsoft Office 365 has undeniably taken the globe by storm, with corporations and some of their most sensitive data migrating to the cloud. Office 365 announced an astounding 200+ million active monthly users worldwide in late 2022, and it has continued to develop and adapt since then.
That’s hardly surprising, given the raw value and ease of use that Office 365 offers at its pricing point. Instead of running their own Exchange, SharePoint, and file storage servers, many businesses are quickly adopting the platform.
The problem is that many businesses don’t think to ask themselves, “How is my data protected?” and assume backup and data security are included in the deal. Many people are astonished to learn that Microsoft doesn’t have a clearly defined backup plan for Office 365, even though Office 365 is primarily a communications platform rather than a data backup service.
This isn’t to suggest that Microsoft doesn’t offer any data security features. There are a few tools and features scattered across the Office 365 suite that, when combined, form a baseline toolkit for archiving your Office 365 data. However, if your company relies on having a solid backup and recovery plan in place, these technologies are unlikely to be adequate.
We’ll go through the main reasons why you need a proper backup strategy for Office 365 in this article. We’ll also show how, in some circumstances, Microsoft’s built-in data governance and retention measures fall short.
#1: Microsoft is not responsible your data protection
While Microsoft is responsible for keeping the cloud infrastructure services operational (which is understandable), you are responsible for the security of your data housed by those services. This is known as the Office 365 Shared Responsibility Model, and it serves as a reminder that sustaining service and data availability is a collaborative effort. The following excerpt from Microsoft’s current Services Agreement page explains their stance on data protection for their cloud services:
Service Availability: We make every effort to keep the Services up and running; but all online services are subject to periodic disruptions and outages, and Microsoft is not responsible for any inconvenience or loss you may experience as a result. You may not be able to retrieve Your Content or Data that you’ve saved if there is an outage. We suggest that you back up Your Content and Data that you store on the Services or that you store using Third-Party Apps and Services on a regular basis.
#2: Exchange Online has no point-in-time recovery, preventing easy ransomware recovery.
Customers who use Exchange Online do not have access to backups using Office 365. This means that if a user gives a rogue user access to their account by accident, ransomware can infect their Office 365 email. Only a recent backup could bring the content back to a safe state.
This is a significant challenge for businesses. While Office 365 allows you to recover individual messages that have been removed from a mailbox for a period or restore an accidentally deleted mailbox to its original state, there is no way to recover a backup to a specific point in time. Microsoft’s official stance is as follows:
The Exchange Online service does not support point-in-time mailbox item restoration. Exchange Online, on the other hand, provides excellent retention and recovery support for your organization’s email infrastructure, ensuring that your mailbox data is always available when you need it, regardless of what occurs.
#2: Exchange Online has no point-in-time recovery, preventing easy ransomware recovery.
Customers who use Exchange Online do not have access to backups using Office 365. This means that if a user gives a rogue user access to their account by accident, ransomware can infect their Office 365 email. Only a recent backup could bring the content back to a safe state.
This is a significant challenge for businesses. While Office 365 allows you to recover individual messages that have been removed from a mailbox for a period or restore an accidentally deleted mailbox to its original state, there is no way to recover a backup to a specific point in time. Microsoft’s official stance is as follows:
The Exchange Online service does not support point-in-time mailbox item restoration. Exchange Online, on the other hand, provides excellent retention and recovery support for your organization’s email infrastructure, ensuring that your mailbox data is always available when you need it, regardless of what occurs.
#2: Exchange Online has no point-in-time recovery, preventing easy ransomware recovery.
Customers who use Exchange Online do not have access to backups using Office 365. This means that if a user gives a rogue user access to their account by accident, ransomware can infect their Office 365 email. Only a recent backup could bring the content back to a safe state.
This is a significant challenge for businesses. While Office 365 allows you to recover individual messages that have been removed from a mailbox for a period or restore an accidentally deleted mailbox to its original state, there is no way to recover a backup to a specific point in time. Microsoft’s official stance is as follows:
The Exchange Online service does not support point-in-time mailbox item restoration. Exchange Online, on the other hand, provides excellent retention and recovery support for your organization’s email infrastructure, ensuring that your mailbox data is always available when you need it, regardless of what occurs.
Microsoft emphasizes that they provide service availability and always assure that you have access to your mailbox and a single copy of your current data, but they do not back up the data. This can have serious consequences, particularly if ransomware encrypts a user’s Exchange Online mailbox. Kevin Mitnick, a security expert, demonstrates how to simply encrypt an Office 365 mailbox in a simulated ransomware assault in the video below.
#3 Increase your 30 days limit with Office 365
While not as inconvenient for administrators as not having point-in-time recovery for Exchange Online, this could still be a problem for many businesses. You can execute point-in-time recoveries using OneDrive for Business and SharePoint Online, but only within the last 30 days. You’ll need a third-party backup tool for Office 365 if you need point-in-time restore capabilities beyond 30 days. Because many organizations store vital data in OneDrive and SharePoint, the 30-day limit on point-in-time capabilities is frequently a deal-breaker.
All of the administration is automated with a system like DESH CLOUD Office 365 Backup. Microsoft 365 backups are taken and stored in the cloud up to four times each day. The license includes unlimited cloud storage for M365 backups.
You should invest in a solid O365 backup solution if you work in regulated industries with tight data preservation policies.
Because Microsoft 365 is primarily a communications platform rather than a data protection service, the backup tools that come with it are unlikely to provide a comprehensive solution for your backup and recovery needs. While they offer some value, you’ll need to rely on a dedicated Office 365 backup solution like DESH CLOUD Office 365 Backup for a comprehensive and robust solution.