Get the Real Scoop: Office 365 Backup Policies & How to Fully Protect Your Data

Microsoft Office 365 prides itself on enabling dynamic, collaborative workplaces for its customers. Industry-leading security measures and attention to privacy, compliance, and accessibility support the robust functionality of the cloud productivity suite. Even so, research shows that data loss and protection are still major concerns for most businesses migrating to the cloud.

Part of that worry can be alleviated by having secure backups of SaaS data and the ability to quickly restore that data to an application in the event of data loss. This post will examine a few important backup policies offered by Office 365 so that you can determine where Microsoft’s responsibilities regarding backup and recovery end—and where yours begin. Equipped with this knowledge, you can feel confident that you can fully protect Office 365 data and wield the power of the cloud without worry over data loss.

Understanding Microsoft’s backup and retention policies

Data loss is often a major concern for Office 365 customers because Microsoft’s backup policies cannot guarantee a complete and speedy restore of lost data. Even when data is retrievable, the process is long and complicated, and retention policies vary for each application included in the cloud platform.

Applications like OneDrive enable a collaborative workplace. However, that collaboration can be put in jeopardy when user error, hacking, sync issues, or malicious insiders cause data loss. OneDrive only stores the most recent version of your content, not the entire history. So there is no way to access previous drafts should you need to do so. In addition, the recycle bin within OneDrive has a default retention period of 90 days. After this period, files can no longer be restored.

Recently, new data retention policy settings have arisen for Outlook. Previously when deleting an email within Outlook, there was a period of 30 days in which the email could be recovered. After that, it was gone forever. But, Microsoft now allows admins to customize retention for deleted items in Office 365.

And while this may sound like the answer to all your backup and retention hopes and dreams, consider this:

  • This new retention policy applies only to Outlook. Retention policies vary from service to service within Office 365, and that can get difficult to manage.
  • Policies are always evolving and tend to be very complicated. If you aren’t constantly monitoring your organization’s data and investing time to understand the complex landscape, it’s easy for things – like critical data – to fall through the cracks.
  • Office 365 backup and retention policies can only protect you from data loss in a limited way and are not intended to be a complete backup solution.

Backup and retention policies are not a substitute for a complete backup and restore solution.

Even more importantly, Microsoft’s policies are not designed so that customers have direct access to backed up data with the ability to easily restore it. According to Microsoft MVP Brien Posey:

“The sad truth is that you might not have as many options for restoring your data as you might think. As such, it is critically important to understand your options for disaster recovery in an Office 365 environment...Microsoft’s primary mechanisms for protecting Office 365-based Exchange Servers are geographically distributed Database Availability Groups. Microsoft says they also perform traditional backups of Office 365 servers. However, those backups are used for internal purposes only if they experienced a catastrophic event that wiped out large volumes of customer data…This can be a bit disheartening, because item-level recovery alone is often inadequate. Item-level recovery protects an organization against deleting items such as messages or mailboxes, but it does not allow for the recovery of a corrupt mailbox. Neither is there a provision for reverting a mailbox server to an earlier point in time (such as might be necessary if a virus corrupted all the mailboxes on a server). The Office 365 service-level agreement addresses availability, not recoverability.”

Microsoft does all they can to put safeguards in place so that their customers don’t lose data. But the bottom line is, Microsoft Office 365 does not specialize in data backup and recovery. Ultimately, you are responsible for these activities in order to keep your organization’s data safe in the cloud.

Get fully protected with Spanning Backup for Office 365.

A staggering 60% of companies that lose critical data shut down within six months of the loss. Data loss, and the worry that surrounds it, can be easily avoided by pairing Office 365 with a complete backup and recovery solution.

Instead of spending countless hours searching for a misplaced file or attempting to recreate a deleted document, why not just restore the data with a simple tool and get back to work in a matter of clicks? Instead of managing and configuring several settings for deleted items, recoverable items, and more for each application within Office 365, you can easily ensure that all data in Office 365 is backed up (for good) and recoverable with a complete cloud-to-cloud backup solution like Spanning Backup.

Automated, daily backup; free, unlimited storage; and simple search and restore mean you never have to risk data loss due to an unexpected purge or top causes of SaaS data loss, including human error, sync error, malicious insiders, and hacking.

This post has been updated from an earlier version first published in July 2015.

Download our 3-Step Guide to Protecting Data in Office 365

GOT SOMETHING TO SAY?