February 15, 2019
Microsoft provides a wide array of services within the Office 365 platform and it has now grown to over 155 million monthly active users with over 3 million new users added every month. The platform has invested in high-quality security measures and attention to privacy and compliance, but this does not include backup of the data.
It is a common misconception that Microsoft provides backup of all your Office 365 data. What Microsoft actually does is make sure your data is available in multiple locations using geo-redundancy. The main differences between geo-redundancy and backups are:
- Geo-redundancy replicates your data to three different locations, providing protection against hardware failure or power issues by failing over to another server.
- Backups are a historical copy of data which is stored in a separate location for a set period of time, based on your retention. It is important that backups are stored in a separate location with separate access and control so that if data is ever lost or subject to a malicious attack then it can be restored from the backup data.
Here are some of the main reasons why you should back up your Office 365 data:
1. External security threats: Email phishing attacks accounted for 90% of data breaches in 2018, and even with the introduction of increased email security and user training, 230,000 new malware variations were detected every day last year, so there will always be some that get through. Microsoft provides in-geo data residency, which means your data is replicated in at least two datacentres, but if your mailbox is affected by malware then this will also be replicated, and there is no way to do a point-in-time restore of the mailbox.
2. Internal security threats: Organizations face data breaches internally from users who may unknowingly download an infected file or leak usernames and passwords to sites they thought they could trust, resulting in data being lost. Another example of an internal security threat is terminated employees who may want to delete data before their access is revoked. Microsoft does provide a recycle bin for most Office 365 services, but users will usually also have access to it, so it will not stop the data loss.
3. Retention policy confusion: Office 365 retention policies can be set at both the tenant level and the user level, and they set how long an item is kept within a folder in the user's mailbox. The policies allow users and admins to automatically clear out old data which is no longer needed, but they can also cause data to be removed incorrectly if not set up correctly. After items have been deleted by the policy, Microsoft will store them in the Recoverable Items folder for 14 days by default, but after this time they will no longer be recoverable.
4. Accidental deletion: When a user accidentally deletes data from Office 365, the deletion is also replicated to the other datacentres. This may not just be a file in OneDrive; a change to the user's license may cause data deletion too.
Microsoft provides recycle bins and version history which allow data to be restored, but only when the data has been marked as a soft delete. An example of this is a user emptying the Deleted Items folder. If an item is tagged to be purged from the mailbox then it cannot be restored. An example of this is a user purging items from Recover Deleted Items.
Ultimately it is Microsoft's responsibility to make sure that the Office 365 service is available and can be accessed, but it is the responsibility of the business to provide protection and long-term retention of the Office 365 data. It's your data; Microsoft only provides the infrastructure to store it!