Microsoft 365 Backup – Microsoft Do That, Right?

Microsoft 365 Backup policy

You may think that Microsoft actively backup the data stored on their cloud platform for you to restore by default, or that they provide this service at an additional cost. The reality is that they do provide the following protection:

Protection against loss of service due to hardware failure or natural disaster
Short-term protection against user and admin error (Recycle Bin, soft delete)

But that leaves the following areas of risk:

Accidental Deletion

If a member of the business accidentally deletes something they can recover it or ask IT to recover it within 30 days. That is, if they notice they have deleted it, or find out they needed it within 30 days. If they do not, the data will be gone.

Hackers, ransomware, and other malware

Say you suffer a ransomware attack and large amounts of data are encrypted; restoring all of the affected data to a point in time where it was good with built-in tools would take a great deal of time.

Malicious insiders

Like accidental deletion but on-purpose – the user would never report the data is gone – you can use Microsoft tools to alert you to odd behaviour patterns, but these are typically available in the more expensive licences and add-ons that you can purchase. If the malicious user is also an administrator even these features would be rendered irrelevant.

Departing employees

If an important member of the business leaves and their account is deleted, their data is deleted after 30 days. This leads to a choice – pay monthly for that account to retain the data or back it up. Backups enable this data to be retrievable for as long as needed.

Common Misconception

One of our partners, Carbonite + Webroot, shares insight into the common misconception that Microsoft 365 is backed up.

Protection from risks

To protect from these risks Microsoft recommends third-party backup in the Service Availability section of its Services Agreement. The diagram below shows highlights he fact the responsibility for data, user accounts and identities ALWAYS lies with you, the customer.

GET IN TOUCH!

Things to consider for a backup solution

So with all this in mind, If you are looking for a backup solution – here is a guide as to what to look for:

Simplicity
- The less screens, settings and options presented the better – but never at the cost of functionality. You need to be able to backup and restore data, quickly easily and reliably and report on failures and issues promptly.
Features
- While most Microsoft 365 Backup solutions appear to work the same way there is sometimes a significant difference between them – make sure you know the things a Backup product cannot do as well as the things it can.
Storage Location
- If your Data is stored in “UK South” then the backup should be in a different datacentre or possibly even a different platform. It is always a good idea to know where your data is, who can access it and what happens if that data is lost – who backs up your backup?
Immutability
- Great word – in backup terms it means the data cannot be deleted until it is outside of its retention period – essential to repel insider threats. This delves into the sphere of data loss prevention and security but from a backup perspective having immutable backups even your own Admins cannot delete until they have expired, mitigates much of this risk.
Regulatory Requirements
- We all know about GDPR but there are other regulations that can apply – these all need to be addressed as part of your backup (and wider cloud) strategy to ensure you can survive loss as painlessly as possible whilst maintaining compliance.
Security
- Security should underpin your whole IT Strategy. In backup terms it is about who can see and restore the data stored in the backups, how is that data stored and encrypted, and what controls and processes are there to deal with a security breach.
Cost
- Despite all the above you need to have a cost-effective solution – make sure that you are getting the features you need but not those you don’t.

Microsoft 365 backup and recovery

To see what a Central Management System (CMS) offers, Carbonite + Webroot have provided a demo into their CMS and the benefits it delivers for organisations.

About the author

Mark Willis

Technical Consultant at Koris365

A specialist in Microsoft Technologies with over 20 years experience in planning, deploying and managing Microsoft solutions with supporting technologies. Mark has vast experience in designing, customising, and implementing technology solutions for customers in the Unified Communications and Messaging space, from small scale SMB sites to large global deployments for both the private and public sectors.

Categories:

Blogs

Tags:

Microsoft Security

Contact

Email: hello@koris365.com

Phone: 0345 230 0365

Koris365

Solutions & Support

Cloud Cyber Security Infrastructure & Virtualisation Network & Connectivity Security Unified Communications & Collaboration Support

Legal

Koris365 Domain Modern Slavery Privacy & Cookies Policy Sustainability & Environment Corporate Social Responsibility Policy Terms & Conditions

Koris365 Offices

Koris365 North

Unit 15 Pavilion Business Park,
Royds Hall Lane, Leeds, LS12 6AJ

Company Reg No: 02276852

Koris365 Central

8 Grovelands, Boundary Way
Hemel Hempstead, HP2 7TE

Company Reg No: 06215347

Koris365 South

8 Grovelands, Boundary Way
Hemel Hempstead, HP2 7TE

Company Reg No: 07709017

Koris365 Ireland

Trinity House, Charleston Road, Ranelagh, Dublin 6, Ireland, D06 C8X4

Company Reg No: 727514