Microsoft does not back up Office 365. Don’t be like Microsoft.

11 Oct 2019

If you think Microsoft back up your Office 365 data, you’re not alone. But you’re also wrong.

This common misconception puts your critical data and entire business at considerable risk. The data in your Office 365 mailboxes, SharePoint, and OneDrive is in fact explicitly your responsibility to protect.

Here it is in black and white, from Microsoft’s Office 365 service agreement:

“In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services…”

To understand why, it’s probably helpful to explore the definition of backup, why Office 365’s features fail to conform to it, and what a true backup solution, in contrast, looks like.

How Office 365 breaks the backup rules

Firstly, Office 365 violates the cardinal ‘3-2-1 backup rule’ – three copies of your data on two different pieces of media, one of which should be offsite.

Using Office 365 to protect itself is akin to backing up your PC files to somewhere else on your PC that is subject to exactly the same risk of loss!

Secondly, what we often think of as backup features within Microsoft’s cloud don’t meet the criteria for backup at all; they are merely storage or versioning, and they come with limited capacities and unwelcome baggage - for example:

  • Insufficient retention – There’s optional 30-day retention in Office 365’s Recoverable Items folder – that’s certainly not enough to qualify it as backup, yet the default setting is a mere 14 days!
  • Single point of failure for data loss – When the Recoverable Items bin is purged (by you, by an admin, deliberately, accidentally, by malware or a malicious insider) that data is gone for good. Risky, right?
  • Weak versioning – Office 365 keeps up to 500 versions of each file – that sounds a lot, but it’s saving your data every few seconds, so the version count very soon gets eaten up (potentially taking the version that you need with it!)
  • Expensive, inflexible, non-compliant – Microsoft’s Retention Lock in Office 365 extends its versioning capability, but eats into your storage, forcing you to buy more of it (neat, huh?) It’s also hugely complex to configure, and permanently irreversible - problematic for compliance considerations like the right to be forgotten and legal hold.
  • Ultimately, all these shortcomings translate to the same broad risk across all organisations and verticals: the cost of failing to access and restore data in order to recover from any kind of data loss, whether due to user error, cyber-attack (e.g. ransomware), account closure, malicious insider activity, or software defects. In April 2019, the UK Government published research stating that the cost to UK businesses of data breaches had increased more than 41% over two years. The more we rely on data, the more damaging its loss becomes.

    In short, you need to backup Office 365.

    Choosing your Office 365 backup: 4 pointers

    But you also need your backup to be user-friendly, reliable, and economical, with zero-minimal impact on existing backup systems and processes, as well as being secure and compliant.

    So what features should you look out for?

    Firstly: daily, automatic, and comprehensive backups, covering all your Office 365 data, including SharePoint and OneDrive – mailboxes, folders, mail, contacts, calendar and tasks, or whichever of them you select. And, of course, the backup solution needs to retain versions for an adequate length of time, in easily searchable form, without constantly forcing up your storage costs.

    Secondly: security is critical, so insist on a UK data centre that is safe from US Patriot Act snooping and can demonstrate the highest levels of physical security (amongst others: 24-hour video recording, biometric and PIN access, fire suppression systems and battery and power backup.) Look out also for Government-grade, 256bit AES encryption to keep your data secure both in transit and at rest, using a key that only you have access to.

    Thirdly: availability, agility and ease. The more rapidly data can be accessed or a technical issue can be resolved, the quicker your business will recover operationally and financially from any incident, so choose a solution that restores data directly back into Office 365, cloud-to-cloud, backed by UK-based tech support that’s there 24/7.

    Fourthly: tread carefully. Many generic backup solutions have a known problem with Office 365 that ignores files at random and makes it impossible to achieve a full and reliable backup. Quiz your backup provider on this point and request a live demo or free trial to verify that everything works as it should!

    With Office 365, Microsoft take care of the physical cloud infrastructure and connectivity to deliver a very useful and reliable service.

    But their cloud is not your backup. Time to act. Contact us today to start your Office 365 Backup trial.