7 Critical Reasons Why You Need to Backup Office 365

Author: Craig Pollack Date: Mar 14, 2019 Topics: Cloud, Best Practices, Data Protection

When it comes to backing up your business' data, these days there's no excuse for failing to do so — whether you use on-site servers or cloud solutions. Backups ensure that you have a copy of your data and files available should the unthinkable happen. For example, there could be a fire, power surge, data breach, or another disaster that could strike your office. And let's not forget ransomware or some other cyber attack. In any case, it’s better to have a backup in place and not need it, than need it and not have it.

But, for businesses that use Microsoft Office 365, the big question is - whose responsibility is it to back up your data? And further, to what degree is it really being backed up?

the big Office 365 misconception

The misunderstanding falls between Microsoft’s perceived responsibility and the client's actual responsibility of protection and long-term retention of their Office 365 data. The backup and recoverability that Microsoft provides and what businesses assume they're getting are all too often different. Meaning, aside from the standard precautions Office 365 has in place, you may need to re-assess the level of control you have of your data and how much access you truly have to it.

Microsoft Office 365 offers geo redundancy, which is often mistaken for backup. Backup takes place when a historical copy of data is made and then stored in another location. However, it is even more important that you have direct access to and control over that backup. So if data is lost, accidentally deleted or maliciously attacked, for example — you can quickly recover. Geo redundancy, on the other hand, protects against site or hardware failure, so if there is an infrastructure crash or outage, your users will remain productive and often oblivious to these underlying issues.

As a robust and highly capable Software as a Service (SaaS) platform, Microsoft Office 365 fits the needs of many organizations perfectly. Office 365 provides application availability and uptime to ensure your users never skip a beat, but an Office 365 backup can protect you against many other security threats.

We've found that there's a false impression that when data is stored in the cloud, it doesn’t need to be backed up elsewhere. However, there are many reasons why businesses should create Office 365 backups that range from simple caution and wanting to have a protective measure in place to having to follow strict industry-related regulatory guidelines.


Here are seven critical reasons for ensuring you don't rely on Microsoft to backup your Office 365:

    1. Accidental deletion. If you delete a user, whether you meant to or not, that deletion is replicated across the network, along with the deletion of their personal SharePoint site and their OneDrive data. Native recycle bins and version histories included in Office 365 can only protect you from data loss in a limited way, which can turn a simple recovery from a proper backup into a big problem after Office 365 has geo-redundantly deleted the data forever, or it has fallen out of the retention period.
    2. Email backups in Outlook don’t extend beyond 30 days. Although this may come as a surprise to some Office 365 users, Outlook doesn’t backup emails that have been deleted from the bin for more than 30 days. There are two types of deletions in the Office 365 platform, soft delete and hard delete. An example of soft delete is emptying the Deleted Items folder. It is also referred to as “Permanently Deleted.” In this case, permanent is not completely permanent, as the item can still be found in the Recoverable Items mailbox. A hard delete is when an item is tagged to be purged from the mailbox database completely. Once this happens, it is unrecoverable, period. Keep in mind, the average length of time from data compromise to discovery is over 140 days. 
    3. Retention policy gaps and confusion.  The fast pace of business in the digital age lends itself to continuously evolving policies, including retention policies that are difficult to keep up with, let alone manage. Just like hard and soft deletes, Office 365 has limited backup and retention policies that can only fend off situational data loss, and is not intended to be an all-encompassing backup solution. 

      Another type of recovery, a point-in-time restoration of mailbox items, is not in scope with Microsoft. In the case of a catastrophic issue, a backup solution can provide the ability to roll back to a previous point-in-time prior to this issue and saving the day. With an Office 365 backup solution, there are no retention policy gaps or restore inflexibility. Short term backups or long-term archives, granular or point-in-time restores, everything is at your fingertips making data recovery fast, easy and reliable. 
    4. Internal security threats. The idea of a security threat brings to mind hackers and viruses. However, businesses experience threats from the inside, and they are happening more often than you think. Organizations fall victim to threats posed by their very own employees, both intentionally and unintentionally. 

      Access to files and contacts changes so quickly, it can be hard to keep an eye on those in which you’ve installed the most trust. Microsoft has no way of knowing the difference between a regular user and a terminated employee attempting to delete critical company data before they depart. In addition, some users unknowingly create serious threats by downloading infected files or accidentally leaking usernames and passwords to sites they thought they could trust. 
    5. External security threats. Ransomware leaves your data vulnerable. With your data in the cloud, it doesn’t mean this threat goes away. Memories of the WannaCry attack of 2017 are still fresh, and organizations of all types need to be prepared for this potential threat. Exchange Online’s limited backup/recovery functions are inadequate to handle serious attacks. Regular backups will help ensure a separate copy of your data is uninfected and that you can recover quickly. 
    6. Legal and compliance requirements. Sometimes you need to unexpectedly retrieve emails, files or other types of data amid legal action. Something you never think it is going to happen to you until it does. Microsoft has built in a couple safety nets, (Litigation Hold) but again, these are not a robust backup solution capable of keeping your company out of legal trouble. For example, if you accidentally delete a user, their onhold mailbox, personal SharePoint site and OneDrive account is also deleted. 
    7. A data backup is the ultimate backup plan and protection for your business. Having a backup of your most important data is crucial for ensuring business continuity in a worst-case scenario.

At FPA, we’re a certified Microsoft Cloud Essentials partner and a Microsoft VAR Champ. This means that we’re not only here to help you learn, we’re excited to share with you the benefits of integrating Office 365 into your organization’s IT infrastructure. But at the same time, we also want to make sure you're as protected as you should be.

Microsoft Isn’t Responsible for Your Data Backup Plan

As a Managed Service Provider (MSP) who's been serving companies in the Los Angeles area for more than 27 years, we’ve often heard from prospective clients who believe that, because they use Microsoft Office 365, their information is automatically backed up and that they don’t have to worry about maintaining backups for this part of their technology. However, this couldn’t be further from the truth.

Contrary to popular belief, while Microsoft may be responsible for hosting the Office 365 cloud infrastructure, it doesn’t mean that the company is responsible for creating a robust and comprehensive backup for Office 365 to preserve your data. In fact, Microsoft Office 365 offers a variety of services depending on your choice of plan, however, creating a separate data backup isn’t one of them. Here's a link to their KnowledgeBase article Backing up email in Exchange Online on the subject with the quote "Point in time restoration of mailbox items is out of scope for the Exchange Online service.". Because of this, many companies opt to use third-party solutions to ensure the data on Office 365 is well protected.

As a business owner or leader, it’s your obligation to develop and execute a backup plan and use backup software to ensure you maintain an up-to-date copy of your data, files, and records. 

How to Ensure You Have an Up-to-Date Data Backup

When you are figuring out how to backup Office 365, there are several ways to do so. For example, your in-house IT services staff can create a backup plan and use backup software. However, unless you have enough staff to handle the demand while also handling everyday work orders and special IT projects, this can be a challenging ongoing project to stay on top of each day.

Another option is to partner with an MSP who can help you develop a reliable backup and disaster recovery system as well as perform regular backups for Office 365 for your organization. By working with an MSP, you’re freeing up your own IT services team to work on mission-critical tasks for your organization.

So, the question now is this: Is your business prepared for any Office 365 disaster by having the appropriate backup in place?

Are you on Office 365?  If so, what are you doing to ensure your Office 365 information is backed up and secured?  Please share your thoughts in the comments section below, or send me an email to continue this conversation more in-depth.

New Call-to-action

Subscribe here to get our "2 Minute Tuesday" email for valuable tips & tricks!


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.