How safe is your Office 365 data?

Is your Office 365 data safe? Your reaction is probably, “Why would it not be?” or “Microsoft takes care of it automatically don’t they?”

Microsoft takes care of quite a bit and provides a great service for their customers, but primary focus is on managing the Office 365 infrastructure and maintaining uptime to your users. Microsoft leaves the responsibility of protecting and backing up your data to YOU. Many users believe that Microsoft fully backs up their data automatically, but this is not the case. The backup and recoverability that Microsoft provides and what users assume they are getting, are often very different.

Ultimately you need to ensure that you have access to, and control over, your Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams data. This blog explores why backup solutions for Microsoft Office 365 fill the gap of long-term retention and data protection of your critical data.

Microsoft Services Agreement
“We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

Microsoft Services Agreement: Effective October 2020 – Services Availability 6 (B)

Accidental deletion

If you delete a user, intentionally or not, that deletion will be replicated across the network, along with the deletion of the user’s OneDrive for Business account and mailbox.

Native recycle bins and version histories included in Office 365 can only offer limited protection against data loss. What should be a simple recovery from a proper backup can easily become a bigger problem after Office 365 has geo-redundantly deleted the files you’re looking, or the data retention period has passed.

Legal and compliance requirements

You might unexpectedly need to retrieve emails, files or other types of data in the event of legal proceedings – something that will never happen to you, until it does. While it’s true that Microsoft has a couple of built-in safety nets (litigation hold and retention), these do not constitute a robust backup solution that will keep your company out of legal trouble should you not be able to produce requested evidence. For example, with a BackOnline backup solution, if you accidentally delete emails or documents before implementing a legal hold, you’ll still be able to retrieve them thereby ensuring you meet your legal obligations.

Legal requirements, compliance requirements and access regulations may vary between industries and countries, but fines, penalties and legal disputes are three things we all want to avoid.

Internal security threats

All businesses are exposed to threats from the inside, and malicious incidents involving company data, fraud and system damage are happening more often than you think. Organisations can easily fall victim to threats posed by their employees, both intentionally and unintentionally. Access and permissions to files and contacts can change so quickly, it can be hard for administrators to keep an eye on those entrusted with document and general information management. Microsoft cannot tell the difference between a regular user and a terminated employee attempting to delete critical company data.

You should never settle for less than reliable, granular restore of Office 365 email items, SharePoint sites, documents, libraries, and lists, as well as OneDrive for Business accounts, files, and folders. By protecting your daily data integrity, you will ensure resilience and recoverability in the face of any threat.

External security threats

Malware and viruses, like ransomware, have done serious damage to organisations across the globe. Not only is a company reputation at risk, but the privacy and security and integrity of internal and customer data is also vulnerable.

External threats can sneak in through emails and email attachments, and it isn’t always enough to educate users on what to look out for – especially when the infected messages seem entirely legitimate or compelling. Exchange Online’s limited backup/recovery functions are inadequate in the face of a serious attack. Regular and tested backups will help ensure a separate copy of your data is uninfected, stored securely offsite and quickly recoverable.


There are security gaps you may not have been aware of before. You’ve already made a smart business decision by deploying Microsoft Office 365, now find a backup solution that offers you both complete access and complete control of your Office 365 data and avoid the unnecessary risk of data loss.

You may also be interested in the following articles
Our SMB backup solutions

Cloud Backups

Fully integrated, fast and secure way to backup your business data to the cloud, without the need for costly and complex infrastructure.

Search icon small

Online Data Recovery

Rapidly restore entire servers or individual files from our Australian data centres via our easy to use, secure web portal.

Office 365 Backups

Eliminate the risk of losing Office 365 data from accidental deletion, security threats and retention policy gaps.