Should You Backup Office 365? And If Yes, Then How?

So, should you backup Office 365 data? Short answer: Yes. It is crucial to manage backups of Office 365 data. There are many reasons for this, but we will boil them down to the main three:

1. To comply with laws and regulations.

2. To prevent data from loss and corruption.

3. To avoid the expenses on downtime in case of disaster.

The cost of data loss may reach millions of dollars. Despite Microsoft’s advanced security features, data loss is often an occurrence in their users’ ranks. There are many reasons behind data loss: external threats, accidental data deletion, and more. Your company needs to keep its vital data secure to avoid financial and reputational risks. Such risks are one of the key concerns expressed by our customers when considering our backup.

Office 365 doesn’t back up your data fully to protect it. And here the proof.

Should You Backup Office 365 Data?

And most importantly, why do you need to backup office 365? The following five reasons may have you convinced that if you want to be compliant and be able to quickly restore your information, it is crucial to have additional recovery options beyond native O365 functionality.

1. Disruptions and outages of Microsoft services may lead to downtime and data loss

Against popular belief, power outages and service disruptions due to hardware or software failure aren’t that unusual for cloud giants like Microsoft. For example, the Microsoft outages in September and October 2020 heavily affected many European regions by causing massive downtime for companies.

If something happens from Microsoft’s side, you won’t be able to reach your data and continue working unless you have a backup. A Ponemon Institute report says that such downtime can cost an SMB company $8,000 to $74,000 per hour. The worst-case scenario is, if the servers are heavily affected by the disruption, you may never be able to get your data back.

The Microsoft services agreement clearly states that Microsoft is not liable for any damages or losses incurred due to outages or other disruptions, including any critical data that may be affected:

“All online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result… We recommend that you regularly backup Your Content ad Data that you store on the Services using Third-Party Apps and Services.”

2. The deletion of an Office 365 account will result in the complete removal of all data in it.

Deleting O365 accounts is quite a standard procedure in companies. There are many instances when an O365 account can be deleted:

• To save money on licenses when an employee leaves
• To migrate data to another account or data management suite
• As the result of license services ending
• As a result of negligent accidental account deletion
• As a result of intentional (malicious) account deletion

Regardless of the reasons behind the account deletion, the outcome for you will stay the same: the account data will be erased forever.

Microsoft addresses this possibility in their services agreement and recommends their users to regularly back up their data if they want to access it after the account deletion.

3. Native Office 365 backup & recovery tools’ capabilities are limited

Does Microsoft backup Office 365 data? Well, yes and no.

Office 365 allows you to recover deleted items. However, the native Office 365 recovery tools are quite limited. Restoring emails from the Deleted Items folder can assist with recently deleted emails by mistake, yet what about other scenarios? Long-deleted or purged files, corrupted mailboxes, items lost due to cyber attacks or incorrect migrations – these are just a few things Microsoft will not help you to restore. Here are the limitations of the native recovery:

1. Recovery is time-limited. Office 365 retention time is quite limited. By default, the items are kept around for up to 30 days (14 days by default). Moreover, the purged items will be lost. However, you might need to restore your long deleted files and emails. For example, for compliance or reporting purposes. That’s why you’ll need an Office 365 email backup.
2. No point-in-time recovery. Let’s say your mailbox has got corrupted, and the version history is turned off. Your data becomes lost forever as there is no way to choose the “clean” version and restore it. This is possible only if you backup your Office 365 mailbox.
3. Recovery is overcomplicated. Unlike professional backup software, O365 is not a one-click solution. For example, Office 365 recovery via In-Place eDiscovery & Hold has many conditions and steps that are too time-consuming and still not always helpful.
4. Office 365 doesn’t follow user data backup best practices. There is a basic rule of a safe backup. It’s called the 3-2-1 rule. According to this practice, three backups should be stored on two media, with at least one off-site copy. Yet, Microsoft stores cloud backup data in the same cloud as the source data. To put it simply, the data copy in the Microsoft cloud is vulnerable to the same threats as the data it backs up. Of course, it makes the security of your data incomplete. But Office 365 is not a backup service, so it isn’t supposed to follow the best backup practices.

Check out Outlook recovery.

4. Permanent data deletions in Office 365 are irreversible without a backup

There are two ways data can be deleted in Office 365: temporarily (soft-deleted) and permanently (hard-deleted). In the first case, your information is recoverable without backup; in the second case, it isn’t.

The following cases are irreversible and will result in data being permanently deleted (or hard-deleted) without any possibility of restoration.

1. Data will become permanently deleted (also known as “hard-deleted”) if it has been removed (or “soft-deleted”) for more than 30 days without being restored.
2. If the user account that is associated with the data is hard-deleted, the data will also be permanently deleted.
3. The data will be permanently deleted if it is manually removed from the Recoverable Items folder.

There is one exception to this rule: if the hard-deleted files were previously preserved by the retention policy, you could access them via eDiscovery. But it is rarely helpful in restoring data because:

a) eDiscovery is not designed to restore information but to retain it as evidence in a legal case;

b) eDiscovery is available only for Office 365 E3 subscriptions or higher, which costs $20>/month per user, while professional backup costs ~$6/ month per user.

Related Link: How to Recover Deleted Emails in Outlook

5. Office 365 can’t protect your data from all external security threats

There are many external security threats to your data: ransomware, malicious applications, brute-force attacks, account hijacking, and data theft. To help their users Office 365 offers a range of useful tools to improve the security of your data. One of such tools is Microsoft 365 Security & Compliance Center, which is basically a hub with resources and compliance scoring systems for IT administrators. From there, you can set up security settings regarding phishing protection, basic data loss prevention, access and threat management, and more.

However, what many people tend to miss out on is that Microsoft operates on a so-called “shared responsibility” model. This model implies that managing security and compliance is a partnership.

While Microsoft protects its Microsoft 365 services, you, as a tenant (customer), are responsible for protecting your data, identities, and devices.

You can see this by looking at the shared responsibility model created by Microsoft.

That’s why many companies use additional Office 365 backup solutions to make their Office 365 environments more secure. And that’s why having a backup is definitely a good idea.

To find out more about the shared responsibility model and cloud security, read our article →Cloud Storage Security From A to Z: Is the Cloud Safe?

Should You Backup Your Microsoft 365 Data With Third-Party Tools?

As we’ve found out why perform a backup, the next question will be, how to backup Microsoft Office 365 data? As we’ve also discovered earlier, native tools are not enough for a secure backup. Therefore, third-party backup is probably the best option for businesses. Unlike Office 365, third-party software provides a full backup to ensure your data is truly secure.

Using third-party tools is one of the Office 365 backup best practices. But not all of them are good though.

With third-party backup software:

• You can back up your Outlook and Onedrive items, including Calendars and Contacts.
• You have better retention options. The backup data can be stored indefinitely for compliance reasons for a moderate price of $4/month per account. It is substantially cheaper than paying $20/month per account for data retention in the O365 E3 license.
• You have the point-in-time data restore, meaning you choose the version to recover.
• You can keep your source data and backup data separately. Your Microsoft Office 365 backup data will be stored in the cloud of your choice (Amazon AWS or Google’s GCP).
• You have advanced options to monitor data storage and usage.
• You have the same folder hierarchy of restored data as in your original files, so you can restore your items exactly to the folders they were deleted from.
• Save your time and effort with a user-friendly interface.

To see how exactly third-party backup works and decide for yourself:

Try SpinOne for free

Frequently Asked Questions