Yes, You Can Lose Data from Exchange Online

I hear this question a lot – can I really lose data if I’m using Exchange Online (via Office 365)? Doesn’t Microsoft protect that data?

Well, Microsoft does an AWESOME job protecting the data, for their business needs. That means they are going to make sure that your data is available, as long as you have told them to have it on their platform. Microsoft has built protections into their platforms to make sure they do not lose your data by accident. Customers are never going to worry about your Exchange server going down, patching servers, taking snapshots of the EDBs, Microsoft is doing all that now, and honestly, they know how to administer and host their products better than anyone. This is pretty typical behavior of all SaaS providers; they take over the management of everything from the software down the stack. This is actually why people go to a SaaS model.

However, Microsoft knows they can only do so much to protect your data, and ultimately, they can only do so much to protect your data from you. They can’t protect your users from accidentally deleting data, or an admin from accidentally (or maliciously) deleting key data from your environment.

In making the transition from on-premises Microsoft Exchange to the Office 365 environment, Exchange Admins go from managing everything in the stack to only managing the administration of the application and the users. You’ll notice the box labeled ‘Data’ in the graphic is blue. That’s because the responsibility for data protection is shared. As long as the data loss falls under something going wrong with the hardware or software itself, Microsoft is responsible. But, if an authorized user makes a request to delete data, then Microsoft is going to honor that request. And that’s a good thing. Think about it: if SaaS providers didn’t delete the data you asked them to delete, we’d all have huge issues with them with regards to data privacy.

Bottom line: Microsoft will make sure that they aren’t the ones that lose your data, but you are ultimately responsible for the durability of your own data.

So the question becomes: can authorized requests to delete data from Office 365 cause data loss? YES! From Microsoft’s point of view, a user error in deleting data, an administrator’s mistakes, a disgruntled employee’s intentional data deletion – all of these are understood in the system as authorized requests. Then, there are still the threats from hackers and viruses.

Before we examine these common data loss scenarios for Exchange Online, let me remind everyone: We only back things up so that we can recover them!

Microsoft doesn’t provide data recovery, especially in the way we are used to recovering emails from traditional, on-premises backup products. Without a third-party backup solution, you’ll find yourself spending hours with PowerShell and attempting to keep up with the changes from Microsoft (in the SaaS world, changes come fast, often without any warning!). The only way to have rapid recovery of data back to production from Office 365 it is to have a backup product. This is where Spanning Backup for Office 365 shines! Spanning ensures you have a restore experience that’s similar to how you service your end users on premises, without spending hours of time figuring it all out.

Four ways Exchange Online email messages can be lost

  1. Users can purge the “junk folder” aka recoverable items folder. It’s gone after 14 days default (30 days if the administrator extends this period manually).
  2. Administrators can misconfigure retention time periods.
  3. Authenticated accounts can be hijacked and messages can be deleted and/or purged.
  4. Employees who are leaving may purge their email. This “cleanup” effort could be innocent, or it could be an intentional effort to purge information before they move on.

Is litigation hold a replacement for backup software?

Microsoft advises customers to put everyone on litigation hold. It’s true, you can put your users on litigation hold, and that will preserve ALL of their emails. But remember, you generally back up data so that you can restore it again. And if you use litigation hold, restoring isn’t an easy process, because it is part of Microsoft’s archive package.

Archive software is different than backup and recovery software. With archive software, you’re not expecting to recover emails quickly, in many cases you are responding to a litigation request to provide emails that match certain criteria from an entire lifespan of a mailbox. Archive software is designed to keep emails, but not necessarily to restore them rapidly. That’s the ultimate purpose of backup software: to make data available for quick and easy restoration to the production environment.

Here’s how you recover emails if a user is on litigation hold:

  1. First, make sure the Exchange Online admin has the appropriate rights.
  2. Using archival search tools, the admin sets out to find the emails.
  3. Once the admin has found a range of emails that match a search query, they must refine the list to the emails that need to be restored.
  4. Once the admin has narrowed the list, he/she needs to get the messages into a PST.
  5. Finally, the admin must get the PST to the user (and perhaps help them figure out how to use it).

If emails that need to be recovered are not on litigation hold and you are still within the 14-day recoverable items window, admins may need to use PowerShell to restore them.

This process is cumbersome and can take more time than a busy admin can afford when serving thousands of users.

Still not convinced? Hear from a few leading Microsoft MVPs on this topic:  

In this post, I focused on Exchange Online because that’s what Spanning Backup for Office 365 covers today. Soon, we’ll be adding support for Calendars and OneDrive for Business. How are you protecting your calendars and OneDrive for Business now?