The truth about Office 365 data backup

For years, Microsoft customers have been able to take advantage of cloud-based offerings for all or parts of the Microsoft Office Suite, Microsoft Exchange, Microsoft SharePoint, and OneDrive.  This “Office 365” (O365) offering alleviates the need for customers to run dedicated, on-premises application environments, allows easier management of licenses, and simplifies control via account-based access within organizations.  The one thing Microsoft does not do, however, is own the data.

Common misconceptions with O365 revolve around the cloud buzzword, and thoughts that, because it is Microsoft, you don’t have to worry about anything.  This could not be further from the truth.  Microsoft provides the infrastructure-ensuring it is fault tolerant, resilient, and secure–the applications, and licensing.  “But Microsoft has retention policies,” you might exclaim…retention policies simply describe how long data exists before it is deleted.  Typically, this is only 30 days from the point of entering a recycle bin but may be extended up to 93 days with new first- and second stage recycle bins in O365.  This still does not replace a backup of the data, and Microsoft will not take responsibility for it as such.

Given the multitude of diverse organizational requirements around data protection and backups, archival, and retention/recovery, legal holds, etc., it would be difficult for Microsoft to attempt this.

As the owner of Office 365 data, it is your responsibility to comply with your organization’s retention requirements and data-level needs such as deletions, restores, malware, etc.

Another fun fact:  once an email is deleted and enters the first- or second stage recycle bins, it is no longer indexed and cannot be found via a search. This means an eDiscovery hold search will not be able to locate the data and put a hold on it.  Let’s say a malicious employee uses work resources and email for nefarious reasons, is caught, and terminated.  Prior to having his access revoked, the employee performed a hard delete (Shift+DEL) on his entire mailbox.  After termination, internal proceedings and initial investigations took a little while.  Perhaps at day 40, the legal department, or an external legal organization, wants to review the terminated employee’s emails or receives a legal hold notice.  An IT person goes to find it…but can’t.  The mailbox was hard deleted, fell out of retention policies, and is unavailable to search.  It will likely cost the low man on the totem pole his job, or fines and legal actions against the company as a whole.  Organizations claim to not want to pay additional licensing fees for products to help them with these issues, but instead end up paying in different ways.

What can you do?

Global Data Vault offers a cloud-based backup for Office 365 Exchange, SharePoint, and OneDrive, based on Veeam’s Backup for Office 365.  It also works for hybrid environments where a part of your data still resides in an on-premises application environment.  This provides a true backup of your data, much like you would back up files and data for the rest of your organization.  It bridges all gaps, eliminates worry, provides short- and long-term retention, is transportable, and always searchable.  You can manage your own restores or contact GDV for assistance and larger recoveries.   You will be able to see which mailboxes are and are not being backed up, which is helpful in determining if there is an issue with a particular user or account.  Eliminate the “who is responsible for what” when it comes to Office 365 backups.  At Global Data Vault, it’s always our problem!

Contact Global Data Vault for more information.