Does Microsoft 365 back up your data?
Microsoft 365 backs up data on a regular basis as part of a commitment to data protection activities that generally support disaster recovery situations and keep your data accessible in accordance to their uptime SLA (99.9%). However, your organization remains ultimately responsible for your data protection as these backups are not available to administrators or end users and are not intended for aiding in the quick and easy restoration of lost data. While it is possible to recover lost data via Microsoft 365’s backups, the process will often prove tedious, costly, and detrimental to business continuity.
What is the retention policy in Microsoft 365?
Microsoft 365 retention policies and capabilities are varied across its numerous services and tend to change with some frequency. While each service comes with a default, retention policies can be customized by administrators and are often used by organizations to manage and govern their data by establishing a preferred schedule of retaining and deleting content. This practice, however, does little to absolve organizations from their data protection obligations.
How do we change the retention policy in Microsoft 365?
Retention policies can be applied in a variety of manners depending on the retention and deletion needs of an organization. They can be set to apply across an entire tenant or configured to affect only certain users and/or locations. Similarly, policies can be applied across all content types or restricted to content meeting specified conditions. For more detailed information on Microsoft 365 retention policies and how to manage them, please see Microsoft’s overview of retention policies.
How long does Microsoft 365 keep emails?
The default retention setting for all messages and folders within Microsoft 365 is “Never Delete”. As such, Microsoft 365 emails and the contents of which should remain accessible unless acted upon by the user or systematically deleted via custom retention policy. In other words, Microsoft 365 has no stated policy of deleting emails automatically once they reach a certain age.
How long does Microsoft 365 keep deleted emails?
In the event that an email is deleted, it is first moved to the Deleted Items folder, which also has an unlimited retention setting. Items can be manually restored by the end user from the Deleted Items folder. If an item is deleted from this folder it moves to the Recoverable Items folder, which has a retention period of 14 days (admins can extend this period to a maximum of 30 days). Users and admins can recover items from this folder one at a time via a process known as Single Item Recovery. Once an item exceeds the retention period or is further deleted, it is moved to the Purge Folder.
Can you recover purged emails?
Emails that have reached the Purge Folder will be retained for a maximum of 14 days. From here, only admins are able to use the Single Item Recovery feature to recover items for their end users. Once the 14-day retention period expires, items are permanently deleted from the tenant and become unrecoverable if a backup solution is not in place.
What happens to inactive Microsoft 365 accounts?
Microsoft 365 accounts are generally rendered inactive in the wake of an employee’s departure or extended absence from an organization. An admin will often choose to remove this account in which case the user’s data and account become restorable for a 30-day period before it is permanently deleted. In order to avoid critical data loss, the admin should consider what they want to do with the license moving forward and how they would like to deal with the departed user’s OneDrive and email content before deleting the user (removing the account) from the organization. To learn more, read Microsoft’s advice on deleting a user from your organization.
Can deleted Microsoft 365 accounts be recovered?
If a Microsoft 365 user account is deleted from a tenant there is a 30-day window to restore the account and all associated data. This 30-day period in known as the “soft deleted” state and there is a documented process (dependent on the manner of deletion) by which an admin may fully recover the user account. Once this 30-day retention period expires, the account is permanently deleted (hard deleted) and cannot be recovered if a backup and recovery solution is not in place.
Why should we back up our Microsoft 365 data?
Microsoft has taken extensive measures to alleviate the risks of data loss within Microsoft 365 and has put safeguards in place to ensure your data’s safety from any fault on their behalf. However, they cannot protect you from the actions of your users and threats beyond their control that constitute the majority of data loss events.
Even with an SLA that promises to keep your data accessible 99.9% of the time, they make no guarantee that their services are immune from disruption and “recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.” The bottom line is that the safety of your Microsoft 365 data is your responsibility and Microsoft alone cannot defend you from data loss.