Everything You Need To Know About Microsoft 365 Backup And Recovery (FAQs)
What Is Microsoft 365 Backup And Recovery?
Microsoft 365 (M365) backup and recovery solutions provide you with the ability to take point-in-time snapshots of your M365 data and store them in a secondary storage facility. This facility could be your own on-premises environment, the backup provider’s private cloud platform, or even a popular public cloud like AWS or Azure. Keeping your backups separate from your live servers offers an added layer of protection, as any compromise to the latter won’t affect the former. For example, if your organization falls victim to a ransomware attack, your safely stored backups will remain untouched.
Having backups in place ensures that in the event of data loss or destruction due to human error, a technical glitch, a natural disaster, or a cyberattack, your backup and recovery provider can quickly restore your M365 data to its previous state—and often, to the right location within your M365 environment.
To ensure you’re always able to restore Microsoft 365 data from a backup, we recommend that you follow the “3-2-1” rule of backing up data: keep at least three copies of your data, stored in at least two different formats, and store at least one copy off-premises.
How Do Cloud Backup Solutions For M365 Work?
Cloud backup solutions for Microsoft 365 work by replicating your M365 data onto cloud-based servers. They either do this using continuous replication or scheduled replication.
Continuous replication is when the backup provider copies your data to the cloud server in real-time as changes are made within your live M365 environment. This is the most common type of cloud backup, as it provides organizations with an up-to-date copy of their data so that, in the event of a data loss incident, they can recover their data to a point in time as close to the incident as possible, resulting in minimal data loss.
Scheduled replication is when the backup provider copies your data to the cloud server according to a pre-defined schedule (e.g., daily or weekly). The main drawback to this method is that, if you experience a data loss incident, you will lose any data created between your last backup and the time the incident occurred. So, if you’ve scheduled weekly backups that take place on a Friday and you experience a cyber attack on a Thursday, you could lose 6 days’ worth of data.
Why Should You Back Up M365 Data?
Veeam’s 2023 Ransomware Trends Report found that one in seven organizations will see more than 80% of their data affected as a result of a ransomware attack. That means that not only are these attacks likely to happen, but they’re also likely to be successful. However, cybercriminals don’t want organizations to be able to recover their systems easily, because being able to do so means they can refuse to pay the ransom and still recover their data. So, ransomware actors are increasingly targeting backup systems in their attacks. In fact, in 93% of attacks, attackers attempt to breach their victims’ backup repositories, resulting in 75% losing at least some of their backups during the attack.
What does this mean for you? It means that not only should your organization be backing up your critical Microsoft 365 data, but you also need to make sure that you’re using a strong backup and recovery solution to do so—one that can create immutable, tamper-proof backups that can’t be compromised by an attacker.
Who Is Responsible For Backing Up M365 Data?
Microsoft 365 is a Software-as-a-Service (SaaS) application suite. SaaS applications are built on a shared responsibility model: Microsoft is responsible for the infrastructure, such as the data center, network controls, applications, virtualization, and operating system; you (the customer) are responsible for protecting your data. That includes securing your endpoints, accounts, and data, and implementing data backup, business continuity and disaster recovery (BCDR), and access management.
So, Microsoft will solve any issues related to software failures or downtime, but you have to protect your own data against loss or damage caused by human error, threat actors, or programmatic error.
Does Microsoft Backup 365 Data Natively?
While Microsoft does offer its own cloud backup and recovery service, this is not included as part of a standard Microsoft 365 subscription and must be purchased separately or as an add-on.
When it comes to Microsoft 365’s native backup capabilities, Microsoft does create regular backups of your 365 data, but this is only to keep your data accessible in line with the 99.9% uptime promised in their service level agreement (SLA). So, these backups exist only to safeguard Microsoft; your organization, admins, and end users cannot access them.
Within Microsoft 365, different applications offer different retention periods for data, but these only offer protection for an average of 30-90 days:
- Inbox data is stored for two years before being archived
- Recycle Bin items are stored for one month before being deleted
- Deleted SharePoint Online and OneDrive items are stored for up to four months before being deleted
- The data of a user who has left the company is stored for one month before being deleted
If you want to be able to access and restore your Microsoft 365 data in the event of accidental or malicious loss, you need to create backups of that data yourself. The best way to do that is by using a third-party backup and recovery solution, like the ones listed in this guide.
What Is Microsoft’s Own 365 Backup Product?
In November 2023, Microsoft announced the launch of their own backup and recovery products, Microsoft 365 Backup. Like other M365 backup solutions, Microsoft 365 Backup creates copies of your M365 data, but it writes those copies out to a secondary storage facility that still resides within the Microsoft 365 trust boundary. This means that you can manage the security of your backups in the same place that you manage your live Microsoft 365 environment.
Microsoft 365 Backup offers full backup and point-in-time restoration for SharePoint, OneDrive, and Exchange mailboxes. It also enables users to search or filter their backup archive to find specific files, using metadata such as the file owner, subject, and creation/modification dates. Microsoft 365 Backup doesn’t currently offer backup and recovery for Teams chat data, and its file recovery features are not as granular as some other M365 backup solutions; however, Microsoft has announced that these features are a part of their roadmap post-general availability.
Microsoft’s own backup solution is currently only available as a paid public preview. The solution will reach general availability in the first half of 2024.
What Features Should You Look For In A Backup And Recovery Solution For Microsoft 365?
While all backup and recovery solutions will offer slightly different feature sets in order to meet different use cases, there are some features that you should look for in any backup and recovery solution for Microsoft 365. These are:
- Compatibility with all the MS365 apps your business is using.
- Daily backups that are automated to free up your IT team from the responsibilities of running, monitoring, and managing backups.
- Granular search capabilities that enable admins to easily to locate individual pieces of data and restore or export them.
- Restoration options for both individual files and full systems.
- Retention periods and storage limits tailored to meet your organization’s needs. For example, HIPAA compliance may necessitate varying retention periods for different data types and a substantial or unlimited storage capacity.
- Security features such as encryption, role-based access, and multi-factor authentication for added protection.