Why should I backup Office 365? It’s already included, isn’t it !?

I’m afraid you’re wrong 🙂 . A common misconception about the migration to a Cloud-based platform is the assumption that you no longer have to care about a backup strategy anymore since it’s “already managed by the vendor”. You’re right about the infrastructure, but your data remains your own responsibility.

Another common misconception is:

“Office 365 has a recycle bin, which is good enough“.

Be aware, the average time from compromise to discovery is over 140 days, which easily runs out the default retention periods. Never assume your company is not going to be compromised, maybe it’s already…

And last but not least, why would a migration to the public Cloud be any different from a migration to (for example) a new data center, from a business continuity perspective? Maybe because you’re adopting PaaS or SaaS platforms? Doesn’t make sense, right?

Well hold on, don’t panic! 😀

A lot of Cloud vendors (like Microsoft) do have a number of (limited) backup and restore facilities in place by default. Also you should first ask yourself and investigate:

“Does it meet my corporate business continuity or disaster recovery strategies?” (if there is any)

As I’m primary focused on Microsoft Cloud I will give you some reasons to convince your manager (or maybe yourself 🙂 ) why you should care about backing up your corporate Office 365 environment(s):

Reason #1 – Because your Business Continuity Strategy requires you to

As already introduced above, as soon as your business-critical systems (like email or a DMS) are going to be migrated, you need to ensure it all respects your business continuity strategies.
It includes planning how to manage network connections, workspaces and many more business critical aspects in the event of a disaster like a cyber attack, natural disasters, etc.

Please do not underestimate the importance of this strategy, no matter how small or large your company is.
We all know that “oh no!” moment when a file is suddenly gone because of a crash or forgot to save. It’s frustrating.

Now imagine it’s all of your company data instead of 1 personal file. The last thing you need is a hurricane of panic across your IT department because you never documented (or tested) how to recover a.s.a.p. I mean, think about that. I know it’s not directly related to Office 365, but I thought it was important enough to make you think about it.

Reason #2 – Because of compliance or legal requirements

Compliance or legal requirements may require you to (unexpectedly) retrieve data, whether it’s still in use or archived months or years ago.

“What about Litigation Hold – Yes it’s there, and it does offer a good way of preserving mailbox data. However, it’s certainly not a robust backup solution because it lacks the protection of non-Exchange data like SharePoint or OneDrive data. In other words, when a personal account is being deleted, only the Exchange data is retained.

Reason #3 – Because of security threats

We can divide this reason into two categories. External and internal security threats.

We’re all familiar with types of attacks within the external threat category, like malware, viruses, ransomware, and so on. A good example of such external threat is a virus which spreads through emails and attachments via phishing. A robust backup solution will help you to ensure emails are protected with a separate copy allowing you to restore items individually and quickly.

The second category, internal threats, involves employees tampering with data intentionally or unintentionally. This is happening more often than you think. No matter how sophisticated an integrated backup solution works, a Cloud vendor will never know the real difference between an employee with legit intentions versus a former employee still having access because his/her account isn’t disabled (yet).

Reason #4 – Because of human errors

When a user is (intentionally or accidentally) deleted, this deletion is replicated across the company network and Cloud services. At worst, all of his/her SharePoint or Dynamics data is deleted permanently. Yes, there are some safeguards like built-in versioning and recycle bins, however, there’s a decent chance it won’t cover the specific “oh no!” scenario you’re dealing with (such as expiring retention). Dive down the rabbit hole of backup providers or solutions and discover which product suits best for easy recovery.

Reason #5 – Because of retention

As already introduced above, retention limits can be confusing and subject to day-to-day changes in the Microsoft Cloud. The built-in retention policies can only cover a limited number of data loss scenarios.

A solid retention policy includes agreements to decide when to retain, delete or retain and then delete content when needed. It also defines a scope whether it includes the entire organization, or specific group of users or systems. And who’s responsible for that? Yes you’re right — you (as a company) are!

Are you curious to learn about the Office 365 retention policies? You can find them here.
Decide for yourself whether they’re sufficient, or you need to fill some gaps using a 3rd party solution.
Personally, I always think there will be gaps.

Final thoughts

As soon as you are convinced that you need a backup solution for your Office 365 environment, investigate which product or products suits well for your organization. However, keep in mind the story won’t end by just buying and implementing the solution, but you’ll have to keep assessing the backup needs on ongoing base.

I hope this was informative for you, and would like to thank you for reading my blog. If you would like to discuss about the content, please feel free to drop a comment below.