Microsoft 365 – Backing up data is your responsibility and here’s why…

Jul 25, 2022


One of the most effective ways to mitigate the effects of cyber attacks, natural disasters, and similar challenges is to shore up your business continuity plan. Even though it can be difficult to prevent negative events 100% of the time, you can still minimize their impacts with a thoughtful strategy and the right tools.

Despite what you may have thought, Microsoft 365 does not come with backup, and Microsoft recommends utilizing a third party to ensure data is backed up in the event of a disaster.  Microsoft 365, formerly Office 365, is a suite of Microsoft’s best productivity apps including Exchange Mail, Calendar, Contacts, OneDrive, SharePoint, and Teams data, with the added benefit of powerful cloud access, device management and security, all in one product. This business productivity haven supports countless organizations and their customers in various day-to-day operations — ensuring your Microsoft 365 is backed up should be a priority.


Why is backing up Microsoft 365 your responsibility?

“While Microsoft 365 does offer a variety of system availability and data protection capabilities, it doesn’t really satisfy all of today’s stringent data protection, disaster recovery, legal and compliance requirements.” – Quest.  Accidental changes and deletion of data is one of the most common causes of data loss; humans make mistakes, and this is normal, just ensure your company’s reputation is not smeared as a result of a mere accidental delete. In addition to accidental misfortunes, Microsoft 365 is not immune to hackers and malicious software gaining access to your accounts and data. No software is 100% safe from security vulnerabilities, and it is up to you to ensure you have a backup in place to prevent catastrophic damage caused by bad players.

Microsoft offers data retention and deletion policy that supports the intentional or accidental deletion of documents and data, but this is certainly not a long-term data retention policy, something that has become required by numerous compliance regulatory bodies. Microsoft has a data handling standard that specifies how long customer data is held depending on whether it was an Active Deletion or a Passive Deletion. The former refers to a user with an active Microsoft 365 subscription — the retention period for this data is at most 30 days if deleted. The latter refers to a user with an inactive Microsoft 365 subscription — the retention period for this data is at most 180 days, after which Microsoft will wipe all data belonging to an inactive user. You can find the complete table of Microsoft’s data handling policies here.

In addition, Microsoft does not offer a 3-2-1 backup strategy where the storage of production data is backed up on two separate devices, with one being offshore. To summarize, although Microsoft offers some data retention policy, it is far from a perfect solution and therefore a third-party backup is preferable to ensure data is preserved without a time limit, regardless of whether your company is still using Microsoft’s products or not.


Why do you think Microsoft backs up your mailbox data?

Every mailbox database in Microsoft 365 is hosted in a database availability group (DAG) and four copies of the data are replicated to data centers (usually) in different geographical locations. This ensures the data is protected from software, hardware and even data center failures. However, this precaution is only meant to provide recovery in the rare event of a system-wide failure from Microsoft; it is not meant as a backup method for individual mailboxes. The fourth copy in the DAG is known as a lagged copy and synchronization to this location can only be delayed by 14 days, after which any accidental or malicious data changes cannot be reverted. As such, a third-party backup solution should be utilized.


How should you backup your Microsoft 365 data?

Although there are a few viable third-party options for backing up your Microsoft 365 data, one of the best solutions is provided by Axcient and is a product called x360Cloud. Axicent x360Cloud is a sophisticated solution that automatically backs up Microsoft 365 and Google Workspace data so that it can always be located, stored and audited for uninterrupted business continuity after a data loss incident — x360Cloud. Data is backed up to the encrypted, tamper-proof Axcient cloud, ensuring you can sleep peacefully knowing that your data is safe and recoverable at any time. x360Cloud is just one of the many great products we use at Robust to provide our clients with reliable business continuity solutions. As a Robust client, we handle the entire purchase, configuration and maintenance lifecycle of sophisticated software solutions so that businesses can focus on what they do best without needing to worry about the IT intricacies their business relies on. To speak with one of our experts today and find out how we can support your business’ IT needs, please make your way to the Robust contact us page or feel free to call us anytime during our opening hours.



Ultimately, the backup of your Microsoft 365 data is your own responsibility. Mistakes, malicious attacks and a lack of complete understanding of Microsoft’s services can result in damaging consequences for your business and your customers. To prevent this, utilize a third-party backup solution yourself or contact Robust Network Solutions for a comprehensive overview of the many services we can provide to your business as an outsourced IT consultant — we have over 20 years of experience in the field.

Writer: Yazan Judeh