Microsoft provides a wide array of powerful services within Office 365 to enable a dynamic, collaborative workplace for its customers. And despite the inclusion of some high quality security measures and attention to privacy, compliance, and accessibility to support the robust functionality of the application, research shows that data loss and protection are still major concerns for most businesses migrating to the Cloud.

Part of that worry can be alleviated by ensuring that your business take regular secure backups of critical data and has the ability to quickly restore that data to the appropriate application in the event of data loss. This article will examine a few key backup policies offered by Office 365 so that you can determine where Microsoft’s responsibilities regarding backup and recovery end – and where yours begin, giving you the knowledge to feel confident that you can fully protect Office 365 data and wield the power of the Cloud without concern over data loss.

The ‘Do’s and Don’ts’ of Microsoft’s backup and retention policies.

Data loss is often a major concern for Office 365 customers because Microsoft’s backup policies cannot guarantee a complete and speedy restore of lost data. Even when data is retrievable, the process tends to be long and complicated, time businesses can ill afford. Moreover, retention policies vary for each application included in the Cloud platform.
Applications like OneDrive and SharePoint power much of the collaboration capabilities within Office 365. However, that collaboration can be put in jeopardy when user error, hacking, sync issues, or rogue employees cause data loss. For example, although, both apps leverage a primary and secondary recycle bin with 93-day retention periods, these can be emptied at any time which means that data becomes irretrievable.

Key Areas of Customer vs Microsoft Office 365 Data Responsibility

Microsoft also recently released a OneDrive restore feature, which enables end users to roll back all their files to a previous point in time within 30 days. But there are major limitations with this policy:

  1. Most importantly, it adds no new protection – if the data has been deleted, it cannot be restored.
  2. For the data that does still exist in OneDrive, it is an “all or none” destructive restore – which means a user has no choice but to roll back all changes made in their OneDrive account to the selected time – instead of being able to limit the changes to specific files and folders.

Exchange Online also has its own unique set of retention policies. By default, deleted emails go into the Deleted Items folder. Once they are purged from this folder, they are sent to a secondary ‘Recoverable Items’ folder, with a 14-day default retention period. And while this may sound like the answer to all your backup and retention issues, consider this:

  • Retention policies and capabilities vary from service to service within Office 365; indeed, services like Microsoft Teams often don’t have similar safeguards.
  • Microsoft’s policies are always evolving and tend to be very complicated. If you aren’t constantly monitoring your organisation’s data and investing time to understand their complex landscape, it’s easy for things such as critical data to fall through the cracks.
  • Office 365 backup and retention policies can only protect you from data loss in very limited scenarios and cannot take the place of 3rd party backup solutions.

Microsoft’s backup and retention policies are NOT a substitute for a complete backup and restore solution.

Even more importantly, Microsoft’s policies are not designed so that customers have direct access to backed up data with the ability to easily restore it. According to Microsoft MVP Brien Posey:

“The sad truth is that you might not have as many options for restoring your data as you might think. As such, it is critically important to understand your options for disaster recovery in an Office 365 environment…Microsoft says they also perform traditional backups of Office 365 servers. However, those backups are used for internal purposes only if they experienced a catastrophic event that wiped out large volumes of customer data…This can be a bit disheartening, because item-level recovery alone is often inadequate. Item-level recovery protects an organization against deleting items such as messages or mailboxes, but it does not allow for the recovery of a corrupt mailbox. Neither is there a provision for reverting a mailbox server to an earlier point in time (such as might be necessary if a virus corrupted all the mailboxes on a server). The Office 365 service-level agreement addresses availability, not recoverability.”

While Microsoft does a number of good things in order to safeguard their customer’s data, the bottom line is, Microsoft Office 365 does not specialise in data backup and recovery. Ultimately, you are responsible for these activities in order to keep your organisation’s data safe in the Cloud.

Get fully protected with Syscomm’s Office 365

for Office 365 Backup as a Service.

According to PWC, a staggering 70% of companies that experience a major data loss go out of business within a year. Data loss, and the worry that surrounds it, can be easily avoided by pairing Office 365 with a complete backup and recovery solution.

Instead of spending countless hours searching for a misplaced file or attempting to recreate a deleted document, why not simply restore the data with an easy to use tool and get back to work in a matter of clicks? Instead of managing and configuring several settings for deleted items, recoverable items, and more for each application within Office 365, you can easily ensure that all data in Office 365 is backed up (for good!) and recoverable with a complete Cloud backup solution like Syscomm’s Office 365 Backup as a Service solution.

Automated, daily backup and simple search and restore mean you never have to risk data loss due to an unexpected purge or one of the top causes of SaaS data loss, including human error, synchronisation errors, malicious employees, and external threats such as hacking or viruses.

For more information, read Safeguard Your Data With Syscomm BaaS for Office 365


Call 0247 771 2000 for a quote, or email [email protected]


Have a question? We're always happy to chat through our solutions

Let us call you for a quick chat

Please fill out the form below and one of our professional and friendly team will be in contact with you.