Why backup Microsoft 365?

Author name


Over 80% of organisations worldwide have switched at least some of their core IT to the cloud, and approximately half of these are on Microsoft 365.

Some organisations conflate Microsoft 365 and other cloud services with backup solutions. Their assumption is that because the data is stored offsite from their own premises, this means it is backed up.

As this article will detail, doing so can be a costly mistake both from the perspective of regulatory compliance, and business continuity. Increasing numbers of UK organisations now keep some or all of their critical data in the 365 suite including SharePoint, Teams, OneDrive and Outlook.

In the event of a ransomware attack, accidental deletion or overwriting of files, or a compliance audit, it is vital to be able to return to a specific point in time prior to an incident occurring. The inbuilt tools within Microsoft 365 do not provide this ability.

‘Data retention’ versus ‘data backup’

According to Microsoft’s user license agreement , it provides ‘data retention’ – there is no mention of backup. In the vendor’s own words, its data retention policy does not provide backup.

The implication of this is that if data is deleted, Microsoft only retains it for a 90 day period before it is permanently deleted with no potential for recovery. Worse, if files or folders are overwritten by users either in error or deliberately, then crucial data objects can be instantly lost.

Microsoft 365 and backup

The best way to think of Microsoft 365 is a suite of collaboration tools. It allows users to efficiently share work, ensure availability, and create logical folders in SharePoint.

The crucial point to note when talking about backup is that although SharePoint and Teams files may look like archives, they are not automatically backed up to provide historical snapshots.

Compliance considerations

As well as the internal disruption that can be caused by data being overwritten, other implications can be even more undesirable. Because it is not methodically backed up or archived, files and folders hosted in Microsoft 365 do not satisfy many regional, national, or regional the data retention policies.

As a consequence, a failure to backup Microsoft 365 can leave organisations exposed to data erasure or loss, either as a result of genuine user error or more malicious intent. This can mean vital data cannot be provided for an audit or to satisfy a regulatory obligation. Similarly, it can lead to the loss of key financial data, contracts or product development documentation.

How to properly backup data in Microsoft 365

Because of the way Microsoft provides ‘data retention’ as opposed to backup, additional measures are required to properly backup 365 data. This ensures key documentation is not overwritten, and that compliance obligations can be met.

To plug these gaps in Microsoft 365’s native functions, ORIIUM SaaS integrates directly with the Microsoft 365 tenant to backup to a variety of storage targets. It can also carry out full or granular restores of protected data to protect against threats such as accidental deletion, user deletion, ransom attacks, and other service interruptions.

The solution provides further guard against Microsoft 365 outages by using an organisation’s own cloud targets or on-premise storage destinations. The process is also fully automated which means no manual configuration is required to setup new users – it works with a simple policy-based automatic backup.

As an additional layer of safeguard to protect against accidental deletion, users cannot access the backed up data. This ensures no accidental deletion or malicious purges can take place.

A complete solution

ORIIUM SaaS provides comprehensive protection for all Office 365 data. This reduces cost and complexity by eliminating the need for multiple backup protection platforms.

It also provides a complete vision of all data sources including Microsoft 365, G Suite and Salesforce. To satisfy regulatory compliance obligations, it also enables long-term retention policies to be created. In the event of data loss or ransom attack, the solution also provides a granular search, specified point-in-time recovery, and out-of-place data restore options to enable data to be redeployed onto a different device if required.

Find out more

Contact us on (0) 20 7 0399 266/  info@stadiacg.co.uk  to find out more about how ORIIUM SaaS can protect your Microsoft 365 data.

Cyber Essentials Plus accreditation achieved! (again)

20 Feb, 2024
We are proud to announce that we have achieved Cyber Essentials Plus certification, the higher-level qualification of the Cyber Essentials scheme. This certification is a government-backed scheme that demonstrates our commitment to protecting our organisation and our clients from cyber threats.

Cloud Migration - Is It For You?

12 Sep, 2023
Maybe. Migrating applications and infrastructure to the cloud offers several benefits that can positively impact organisations in various ways. Stadia has enjoyed bringing the benefits of cloud computing to many of our clients. It isn't necessarily for everyone, but if you haven't migrated some or all of your applications/infrastructure to the cloud, are you missing out? Let's take a look at the various aspects, starting with some of the key benefits: Cost Efficiency: Buying, maintaining, and refreshing your own hardware can be costly. Cloud computing often reduces capital expenditure on physical hardware and datacentres. You pay for resources as you use them, which can lead to cost savings, especially for small and medium-sized businesses. Scalability: Cloud services allow for easy scaling of resources up or down based on demand. This elasticity ensures that your applications can handle sudden spikes in traffic or growth without the need for significant upfront investment in hardware. Automatic Updates: Keen to see the back of those out-of-hours patching rotas? Cloud providers handle hardware and software updates, including security patches and upgrades, reducing the maintenance burden on your IT staff. Flexibility and Agility: Cloud platforms provide a wide range of services and tools that enable rapid development and deployment of applications. This agility allows organisations to respond quickly to changing market conditions and customer needs. Global Reach: Cloud providers have datacentres in multiple regions worldwide. This global presence allows you to deploy applications closer to your users, reducing latency and improving performance for a global customer base. Security: Cloud providers invest heavily in security measures, often surpassing what individual organisations can achieve. They offer features like encryption, identity and access management, and compliance certifications to help protect your data and applications. Reliability and High Availability: Cloud providers offer robust service-level agreements (SLAs) that guarantee high uptime and availability. Redundancy and failover capabilities are built into their infrastructure to minimise downtime. Disaster Recovery: Cloud services make it easier to implement disaster recovery and backup solutions. You can replicate your data and applications across multiple regions or datacentres, ensuring business continuity in case of disasters. Collaboration and Mobility: Cloud-based applications and services can be accessed from anywhere with an internet connection. This promotes remote work and collaboration among geographically dispersed teams.
Share by: