Should You Backup Office 365? 5 Reasons According to Microsoft

Should You Backup Office 365? And If Yes, Then How?

This article was updated in January 2021.

So, should you backup your Office 365 data? Short answer: Yes. There are many reasons for this, but we will boil them down to the main three:

1. To comply with laws and regulations.

2. To prevent data from loss and corruption.

3. To avoid the expenses on downtime in case of disaster.

The cost of data loss may reach millions of dollars. Despite Microsoft’s advanced security features, data loss is often an occurrence in their users’ ranks. There are many reasons behind data loss: external threats, accidental data deletion, and more. Your company needs to keep its vital data secure to avoid financial and reputational risks. Such risks are one of the key concerns expressed by our customers when considering our backup.

Office 365 doesn’t back up your data fully to protect it. And here the proof.

5 Reasons Why You Should Backup Your Microsoft Office 365 Data

The following reasons may have you convinced that if you want to be compliant and be able to quickly restore your information, native O365 functionality is not enough.

1. Disruptions and outages of Microsoft services may lead to downtime and data loss

Against popular belief, power outages and service disruptions due to hardware or software failure aren’t that unusual for cloud giants like Microsoft. For example, the Microsoft outages in September and October 2020 heavily affected many European regions by causing massive downtime for companies.

If something happens from Microsoft’s side, you won’t be able to reach your data and continue working unless you have a backup. A Ponemon Institute report says that such downtime can cost an SMB company $8,000 to $74,000 per hour. The worst-case scenario is, if the servers are heavily affected by the disruption, you may never be able to get your data back.

In a document called the Microsoft services agreement, you can find pretty clear statements that in case of outages or disruptions, Microsoft is not responsible for your data:

“All online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result… We recommend that you regularly backup Your Content ad Data that you store on the Services using Third-Party Apps and Services.”

2. Office 365 account deletion leads to the deletion of all the data on that account

Deleting O365 accounts is quite a standard procedure in companies. There are many instances when an O365 account can be deleted:

  • To save money on licenses when an employee leaves
  • To migrate data to another account or data management suite
  • As the result of license services ending
  • As a result of negligent accidental account deletion
  • As a result of intentional (malicious) account deletion

Regardless of the reasons behind the account deletion, the outcome for you will stay the same: the account data will be erased forever.

Microsoft addresses this possibility in their services agreement and recommends their users to regularly back up their data if they want to access it after the account deletion:

3. Native Office 365 backup & recovery tools’ capabilities are limited

Does Microsoft backup Office 365 data? Well, yes and no.

Office 365 allows you to recover deleted items. However, the native Office 365 recovery tools are quite limited. The basic recovery from Deleted Items helps with recent accidentally deleted emails, but what about other cases? Long-deleted or purged files, corrupted mailboxes, items lost due to cyber attacks or incorrect migrations – these are just a few things Microsoft will not help you to restore. Here are the limitations of the native recovery:

  1. Recovery is time-limited. Office 365 retention time is quite limited. By default, the items are kept around for up to 30 days (14 days by default). Moreover, the purged items will be lost. However, you might need to restore your long deleted files and emails. For example, for compliance or reporting purposes. That’s why you’ll need an Office 365 email backup.
  2. No point-in-time recovery. Let’s say your mailbox has got corrupted, and the version history is turned off. Your data becomes lost forever as there is no way to choose the “clean” version and restore it. This is possible only if you backup your Office 365 mailbox. 
  3. Recovery is overcomplicated. Unlike professional backup software, O365 is not a one-click solution. For example, Office 365 recovery via In-Place eDiscovery & Hold has many conditions and steps that are too time-consuming and still not always helpful.
  4. Office 365 doesn’t follow user data backup best practices. There is a basic rule of a safe backup. It’s called the 3-2-1 rule. According to this practice, three backups should be stored on two media, with at least one off-site copy. Yet, Microsoft stores cloud backup data in the same cloud as the source data. To put it simply, the data copy in the Microsoft cloud is vulnerable to the same threats as the data it backs up. Of course, it makes the security of your data incomplete. But Office 365 is not a backup service, so it isn’t supposed to follow the best backup practices.

4. Permanent data deletions in Office 365 are irreversible without a backup

There are two ways data can be deleted in Office 365: temporarily (soft-deleted) and permanently (hard-deleted). In the first case, your information is recoverable without backup; in the second case, it isn’t.

Data becomes permanently deleted (or hard-deleted) without hope for restoration in the following cases:

1. When it has been temporarily deleted (or soft-deleted) for longer than 30 days without being restored;

2. When the user account that is associated with this data has been hard-deleted;

3. When someone manually removes the data from the Recoverable Items folder.

There is one exception to this rule: if the hard-deleted files were previously preserved by the retention policy,  you could access them via eDiscovery. But it is rarely helpful in restoring data because:

a) eDiscovery is not designed to restore information but to retain it as evidence in a legal case;

b) eDiscovery is available only for Office 365 E3 subscriptions or higher, which costs $20>/month per user, while professional backup costs ~$6/ month per user.

5. Office 365 can’t protect your data from all external security threats

There are many external security threats to your data: ransomware, malicious applications, brute-force attacks, account hijacking, and data theft. To help their users Office 365 offers a range of useful tools to improve the security of your data. One of such tools is Microsoft 365 Security & Compliance Center, which is basically a hub with resources and compliance scoring systems for IT administrators. From there, you can set up security settings regarding phishing protection, basic data loss prevention, access and threat management, and more.

However, what many people tend to miss out on is that Microsoft operates on a so-called “shared responsibility” model. This model implies that managing security and compliance is a partnership.

While Microsoft protects its Microsoft 365 services, you, as a tenant (customer), are responsible for protecting your data, identities, and devices. 

You can see this by looking at the shared responsibility model created by Microsoft:

Source: Microsoft.com

That’s why many companies use additional Office 365 backup solutions to make their Office 365 environments more secure. And that’s why having a backup is definitely a good idea.

To find out more about the shared responsibility model and cloud security, read our article Cloud Storage Security From A to Z: Is the Cloud Safe?

Should You Backup Office 365 With Third-Party Tools?

As we’ve found out why backup Office 365, the next question will be, how to backup it? As we’ve also discovered earlier, native tools are not enough for a secure backup. Therefore, third-party backup is probably the best option for businesses. Unlike Office 365, third-party software provides a full backup to ensure your data is truly secure. With third-party backup software:

  • You can back up your Outlook and Onedrive items, including Calendars and Contacts.
  • You have better retention options. The backup data can be stored indefinitely for compliance reasons for a moderate price of $4/month per account. It is substantially cheaper than paying $20/month per account for data retention in the O365 E3 license.
  • You have the point-in-time data restore, meaning you choose the version to recover.
  • You can keep your source data and backup data separately. Your Microsoft Office 365 backup data will be stored in the cloud of your choice (Amazon AWS or Google’s GCP).
  • You have advanced options to monitor data storage and usage.
  • You have the same folder hierarchy of restored data as in your original files, so you can restore your items exactly to the folders they were deleted from.
  • Save your time and effort with a user-friendly interface.

To see how exactly third-party backup works and decide for yourself:

SpinOne Demo

To find out what do you need from the Office 365 backup solutions, check out our in-depth guide:

OFFICE 365 BACKUP SOLUTION GUIDE