Do you have control of your Office 365 data? Do you have the ability to restore corrupt or lost files? The typical answer “Yes, Microsoft takes care of that” might not actually be that accurate. The misconception that Microsoft fully backs up your data on your behalf is quite common, and without a shift in mindset, could have damaging repercussions when this responsibility is left unattended.
Ultimately, you need to ensure you have access to, and control over, your Exchange Online, SharePoint Online and OneDrive for Business data.
In many discussions with our clients it becomes clear that the backup and recoverability that Microsoft provides and what users assume they are getting are often different. Office 365 provides
application availability to ensure your users never skip a beat, but with the average length of time from data compromise to discovery is over 140 days the built in protection is not enough.
Office 365 limitations
Native recycle bins and version histories included in Office 365 can only protect you from data loss in a limited way. Once an item is tagged to be purged from Office 365 completely it is unrecoverable, period. In addition, point-in-time restoration of mailbox items is not in scope with Microsoft. Even when data is retrievable, the process is long and complicated, and retention policies vary for each application included in the cloud platform.
Applications like OneDrive and SharePoint power much of the collaboration capabilities within Office 365. However, that collaboration can be put in jeopardy when user error, hacking, sync issues, or malicious insiders cause data loss. Both apps leverage a primary and secondary recycle bin with 93-day retention periods, but these can also be emptied at any time which means that data is unretrievable.
Microsoft also recently released a OneDrive restore feature, which enables end users to roll back all of their files to a previous point in time within 30 days, but there are major limitations. Most importantly, it adds no new protection – if the data has been deleted, it cannot be restored. For the data that does still exist in OneDrive, it is an “all or none” destructive restore – which means a user has to roll back all changes made in their OneDrive account to the selected time (even the intended changes) — instead of being able to limit the changes to certain files and folders.
Exchange Online also has its own retention policies. By default, deleted emails go into the Deleted Items folder. Once they are purged from this (or if a customer hard- deletes Exchange items), they are sent to a secondary “Recoverable Items” folder, which has a 14-day default retention period (can be extended to 30 days).
In the case of a catastrophic issue, none of the offerings in Office 365 gives you a backup solution that can provide the ability to roll back to a previous point-in-time prior to this issue and saving the day.
Who is responsible?
Microsoft does backup Office 365, but only to be able to restore the services in case of a natural disaster. They will protect you from natural disasters that affect their data centers, hardware or software failures on their part, power outages, operating system errors, etc.
You are responsible to protect your data from human error (due to malicious activity or innocuous accidents), misconfigured workflows, hackers, and viruses. Backing up your users and data is truly your responsibility and if you are not proactive about that, any help you get from Microsoft in times of crisis is minimal at best.
Office 365 backup and retention policies can only protect you from data loss in very limited scenarios, and can’t take the place of 3rd party backup solutions.
You already made a smart business decision by deploying Microsoft Office 365, now find a backup solution that offers you both complete access and complete control of your Office 365 data and avoid the unnecessary risks of data loss. Contact one of our Technical Advisers and they will get you set up in no time!
Tags: backup, data protection, office365, security