Why the Native Backup for Microsoft 365 Isn't Enough

These days, when it comes to backing up your business' data there's no excuse for failing to do so — whether you use on-site servers or cloud solutions. Backups ensure that you have a copy of your data and files available should the unthinkable happen. For example, there could be a fire, power surge, data breach, or another disaster that could strike your office. Or a rogue employee deletes a highly valuable set of files. And let's not forget ransomware or some other cyber attack. In any case, it’s always better to have a backup in place and not need it, than need it and not have it.

But, for organizations that use cloud services like Microsoft 365, the big question is - what is really being backed up, when, and whose responsibility is it? As with all backup considerations, what can you do to ensure that your M365 data is protected from a system failure, cyber attack, or natural disaster?

While MICROSOFT 365 is Cloud based, Backup for IT is still a Must

For some reason, there's a false impression that when data is stored in the cloud it doesn’t need to be backed up. However, there are many reasons why businesses should create Microsoft 365 backups that range from simple caution and wanting to have a protective measure in place to having to follow strict industry-related regulatory guidelines.

According to a recent article from Dropsuite, there are five reasons for ensuring you have a backup for Microsoft 365:

    1. Your data is in the cloud, but where is the cloud server? If your information is stored in servers that are all grouped at one geographic location, that means your information may be lost should something happen to that facility.
    2. Email backups in Outlook don’t extend beyond 30 days. Although this may come as a surprise to some Microsoft 365 users, Outlook doesn’t backup emails that have been deleted older than 30 days.
    3. Some industries have strict regulations concerning data backup implementation. Industry regulatory compliance is essential for many types of organizations — particularly those individuals and organizations that work in healthcare, finance, and other heavily-regulated industries that handle sensitive information.
    4. Ransomware leaves your data vulnerable. With your data in the cloud, it doesn’t mean the threat goes away. Memories of the WannaCry attack of 2017 are still fresh, and organizations of all types need to be prepared for this potential threat.
    5. A data backup is the ultimate business continuity plan and protection for your business. Having a backup of your most important data is crucial for ensuring business continuity in a worst-case scenario.

In addition, one of the key downsides to using the native backup solution provided is that (more often than not) it's an "all or nothing" approach to a restore. This is more of a "business continuity" approach than truly having different versions of files available to restore. For example, if you noticed a file was corrupt, but the last known good version is from 6 months ago, without the appropriate backup solution in place, this file doesn't exist in the native M365 backup.

Microsoft Isn’t Responsible for Your Data Backup Plan

As a Managed Service Provider (MSP) who's been serving companies in the Los Angeles area for more than 30 years, we’ve often heard from prospective clients who believe that, because they use Microsoft 365, their information is automatically backed up and that they don’t have to worry about maintaining backups for this part of their technology. However, this couldn’t be further from the truth.

Contrary to popular belief, while Microsoft may be responsible for hosting the cloud infrastructure, it doesn’t mean that the company is responsible for creating a robust and comprehensive backup for to preserve your data stored there. In fact, Microsoft 365 offers a variety of services depending on your choice of plan, however, providing a comprehensive approach to data backup isn’t one of them. Based on Microsoft’s Service Agreement (Sec.6b), in the event of an outage, they do not guarantee retrieval of your content or data that you have stored. They recommend regular backup using third-party backup solutions to cover this gap.

Based on this, most organizations looking to protect their investment in Microsoft 365 choose to use third-party solutions to integrate with their Microsoft 365 instance. This is something we strongly recommend to our clients as well.

As a business owner or leader, it’s your obligation to develop and execute a backup plan and use backup software to ensure you maintain an up-to-date copy of your data, files, and records. But, how do you go about deciding on the appropriate backup solution for your Microsoft 365 data, documents, and files?

How to Ensure You Have an Up-to-Date Data Backup

When you're considering how to backup Microsoft 365, there are several possible approaches. For example, your in-house IT services staff can create a backup plan and use backup software. However, unless you have enough staff to handle the demand while also handling everyday work orders and special IT projects, this can be a challenging ongoing project to stay on top of each day.

Another option is to partner with an MSP who can help you implement a reliable backup and disaster recovery system for M365 as well as review and test your backups regularly. By working with an MSP, you’re not only freeing up your own IT resources, but leveraging experts in this area with one of the most critical aspects of protecting your technology investment.


To summarize:

  • Your organization (ultimately) is responsible for ensuring that your Microsoft 365 is backed up comprehensively
  • Know that the backup solution provided by Microsoft is minimal at best
  • A third-party backup solution for Microsoft 365 is essential for protecting businesses across a variety of industries (particularly those highly-regulated industries) for a complete and comprehensive backup solution

Now the question is: Is your organization prepared for a Microsoft 365 disaster by having the appropriate backup in place?

Be sure to download our free Technology Report Card to see where your organization stands concerning its technology preparations by clicking on the image below.  

That said, within your organization, what have you done or what are you doing to ensure your Microsoft 365 information is appropriate being backed up? Share your thoughts in the comments section below, or send me an email to continue this conversation in more detail.

New Call-to-action

Subscribe here to get our "2 Minute Tuesday" email for valuable tips & tricks!


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.