Why Third-Party Microsoft 365 Backup is CriticalAlex Hardy-McBride,
If you’re among the millions of businesses that have migrated your mission-critical data to the cloud, for efficiency and collaboration, it’s critical you understand how your data is - and isn’t - protected with Microsoft 365.
Microsoft 365 usage has grown from 50 million to over 250 million active users over the past five years, and it saw two years’ worth of digital transformation happening in two months during the pandemic, further catapulting its growth and adoption.
Whilst this significant shift is happening, it’s important to consider that even though Microsoft 365 provides a great Software-as-a-Service solution to prevent your IT team having to manage on-site Exchange and SharePoint servers, some organisations have overlooked the data protection implications of moving their key business data to the cloud.
Most typical on-premise IT estates have disk or tape based backups with multiple year retention periods to ensure data protection and compliance, but Microsoft 365’s built-in data protection functionality is far less comprehensive.
Microsoft 365 operates under a shared responsibility model, with customer IT teams responsible for access and control of data, and Microsoft responsible for uptime and availability of the Microsoft 365 platform. It is the responsibility of the customer IT team to back up the data stored in Microsoft 365 and if this isn’t happening, data loss is likely.
"We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages. In the event of an outage or disruption to the Service, you may temporarily not be able to retrieve Your Content. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services."
You can read more on the Microsoft Service Agreement here.
Protection and long term Retention
If a mailbox item is permanently deleted by a user by either emptying their Deleted Items folder, or pressing Shift-Delete, it is retained in the 'Recoverable Items' for only a maximum of 30 days. SharePoint Online items that have been permanently deleted similarly are only retained for 93 days, so how could you retrieve data that has been accidentally deleted without another form of backup?
While Microsoft 365 has some features such as litigation hold, these need manually enabling and aren’t fully immune from user error or insider threats.
GDPR Article 32 requires organisations implement appropriate measures for:
"(b). the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;"
“(c). the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;”
Microsoft 365 Backup fills a key role in complying with these regulations.
Keep control of your data
Using a third-party Microsoft 365 backup solution ensures you can adequately protect your data, keep it available at all times, and ensure you aren’t completely dependent on a single platform that isn’t under your control.
With backups of your data held separately to Microsoft’s platforms, you ensure that any issues at Microsoft will not lead to data loss for your organisation.
As with Microsoft 365, you can ensure that your 3rd party backup solution complies with any data residency policies you have.
Backup with Veeam
We’re able to help customers eliminate the risk of losing access and control over your Microsoft 365 data and ensure it’s always protected.
- Protect Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams
- Store your Microsoft 365 backups either on premises or in the cloud
For more information, please see our whitepaper on Securing your Microsoft 365 Environment.