Microsoft 365 Backups – Who is responsible?

In today’s modern workplace, it has become a key tool for communication, collaboration, and productivity with products such as Exchange Online, OneDrive/SharePoint, Teams, and a vast amount of productivity apps.

Through using these applications, users and businesses generate and store a staggering amount of data, but who is responsible for this data? There are many misconceptions around Microsoft 365 backups, and perceptions that Microsoft are responsible, which is not really the case.

A report published by Statista shows that over 211,000 companies in the UK use Microsoft 365 and with the increase in cyber-attacks customers are being asked to confirm their data retention, backup and recovery procedures for insurance purposes, ISO standards, or as a requirement to win contracts and when it comes to data stores in their 365 tenant to common question is “Why do I need a backup for Microsoft 365, doesn’t Microsoft take care of it?”. 

Although there are limited, short-term data loss recovery options within Microsoft’s platform such as the recycle bin, you would be shocked to know that the average length of time to identify and contain a data breach, according to IBMs report conducted in 2021, is 287 days. A surprisingly large gap in time until you notice something is missing by which it would be too late to retrieve it from the recycling bin. You need to have complete access and control over your critical business data so that you have full data retention to cover all gaps. In that way, when disaster strikes, you have recovery options at your fingertips.

In an earlier blog, we discussed why it is essential to back up your critical data. However, when examining Microsoft 365, there are a few more reasons why you should do so. Here they are:

• UK Data Regulatory laws and audits – You are required to be compliant with laws that regulate business data practices such as GDPR, and the Data Protection Act 2018. Specifically, GDPR requires data to be always available and this will include your 365 data.
• Managing hybrid email deployments and migrations to Microsoft 365 – Whether you are migrating to Microsoft 365 or have a blend of on-premises Exchange and Microsoft 365 users, the exchange data should be managed and protected the same way.
• Microsoft Teams data structure – If your business is using Microsoft Teams, you may not realise how complex it is, Teams is not a self-contained application, meaning the data generated in Teams resides in other applications, such as Exchange Online, SharePoint Online and OneDrive. With this added layer of complexity, ensuring the data is adequately protected is paramount.