Microsoft 365 Backup: Is It Really Necessary?

Microsoft 365 Backup

The fact that more and more organizations rely on the cloud services offered in Microsoft's Modern Workspace is now a certainty, and there is no doubt that this is thanks to the completeness of its offer in the field of Communication & Collaboration.

However, what tends to be overestimated is the responsibility Of the data that Microsoft, like other SaaS platform providers, hires within its platform. It is therefore essential to understand the boundaries of these responsibilities And how can these impact on your business and that of your customers.

Contrary to popular belief, cloud data is not immune to loss, but is subject to the same risks as on-premise data. And, since the frequency of accidents is all too common, it is good to take a stand and choose consciously how to deal with such problems.

The question is: Does Microsoft back up 365 data?

The answer is: partly and we're going to motivate her in this very article.

Microsoft 365 and shared responsibility

Let's start from the purely theoretical part: Microsoft 365, like other Software-as-a-Service (SaaS), uses the model of shared responsibility. According to this model, Microsoft is fully responsible for the global Office 365 infrastructure and its availability 24 hours a day, 7 days a week, 365 days a year, while, for the rest, He washes his hands. This means that, for most of everything that doesn't involve the physical security of Microsoft's data centers, the responsibility is in your hands.

Backup Microsoft 365 e responsabilità condivisa
Microsoft 365 Backup and Shared Responsibility

In addition to infrastructure, what is Microsoft's responsibility for data protection?

As you can see from the diagram above, Microsoft, in addition to protecting the infrastructure, offers supporting technologies that, if properly configured, can be a first option for defending your data. It being understood that the following features are not a substitute for full backups, you can count on:

  • Data replication: thanks to the mirroring of data on at least two different datacenters within the same region, you are protected from localized natural disasters or other service interruption events;
  • Recycle bin and data retention policies: Microsoft makes available a two-phase recycle bin that allows users to recover files within a reasonable period of time, which can be extended and customized. What is difficult, however, is not so much the saving of the data, but its recovery;
  • Microsoft Native Backup: Microsoft also provides a native Basic Backup every 12 hours and keeps the data for 14 days. This functionality brings with it certain limitations, such as: a Recovery Time Objective (RTO) that does not necessarily meet the needs of every reality and a compulsorily complete recovery that will overwrite the data contained in the tenant.

Reasons to consider an external Microsoft 365 backup?

Taking note of Microsoft's responsibilities, you must therefore consider that there are scenarios in which you are directly responsible and you must actively protect your Microsoft data. Among them:

  • Accidental deletion of data: accidental deletion, modification or overwriting is certainly the most common and catastrophic cause of data loss and can be mitigated thanks to an external backup;
  • Gaps and confusion in the retention policy: the complexity of Microsoft's retention policies may compromise proper implementation, leaving data at risk of loss after the retention period expires;
  • Internal security threats: The risk of internal threats, such as employees deleting essential data, is as common as that of external threats. Having a high-level recovery solution reduces the risk of losing or destroying critical data;
  • External security threats: as we said a few lines above, external threats are just as dangerous. In fact, ransomware is becoming more sophisticated and dangerous every day, so a backup can easily restore the data of an instance before the attack;
  • Legal and compliance requirements: It is also possible that, during a legal action, it becomes necessary to recover emails, files or other types of data. Although Microsoft has already implemented some of the features in this regard, they are not always sufficient to meet a similar regulatory compliance requirement;
  • Managing hybrid email deployments and migrations to Microsoft 365: If a company is migrating to Microsoft 365 or has a combination of local Exchange and Microsoft 365 users, the exchange data must be managed and protected in the same way, making the source location irrelevant;
  • Teams data structure: the Microsoft Teams Backend is complex, and it is necessary to ensure that the data inside it is also protected.


To recap, the reasons why we recommend that protect your 365 environment are different and suitable for every scenario. Backing up Microsoft 365 data is certainly a smart and forward-looking business decision, and eliminating the risk of losing access and control in a flexible way over this data is now essential to achieve your Recovery Point objectives.

Are you ready to guarantee the usual protection for your Microsoft 365 data? 👉 Talk to us about it.

You might also be interested