Many businesses rely on Office 365 to keep the business running and store their vital data there, but are Office 365 backups enough? Keeping your data safe, secure, and backed up is crucial, so let’s find out whether Microsoft suits your business needs or you need to employ a third-party backup service.

How you can lose data in Office 365

Malware attacks

Whilst Office 365 offers some basic protection against cyber attacks, users still receive emails laced with malware. Ransomware, phishing, and viruses can cause irreversible damage to your data. And Office 365 offers very limited backup recovery functions. It’s simply inadequate for serious cyber attacks

Vulnerability in Office 365

At any time hackers can exploit a weakness in Office 365 causing you to lose crucial data. It’s important to consistently download any updates as they tend to contain vital patches that fix any vulnerabilities found. Recently, a popular Office 365 tool was compromised. Microsoft Power Automate which is a great tool that automates day-to-day tasks, increasing productivity and enabled by default was exploited by hackers. They were using it to automate the exfiltration of data.

Accidental deletion

if you delete a user, accidentally or not, that deletion is replicated across the network. Along with the deletion of their OneDrive for Business account and mailbox, it’s unrecoverable. It’s common for a member of staff to delete a file that they assumed was not needed. And if they don’t realise their mistake in time, that data will be gone. This can reduce your productivity and cause major disruptions depending on the data deleted.

Overwritten data

When a user overwrites data in Office 365 the new data is saved over the old data meaning that the previous data is unrecoverable.

Recovering from these scenarios can be difficult and time-consuming if you only rely on Office 365 recovery options. OneDrive and SharePoint can be helpful, but it’s limited as it does go against storage allocation meaning that you will have to buy extra storage. And if you rely heavily on Office 365 you will find yourself having to constantly purchase more storage.

Does Office 365 offer backups?

  • It protects against loss of service that was caused by hard drive failure or a natural disaster
  • Short-term protection against the user and/or admin error


Usually, Office 365 backups and recovery are very different from what users assume they are getting. They offer a geo-redundancy which is often misunderstood and mistaken for a backup solution. What this does is protects against site or hardware failure so that users can remain productive.

You need to understand that their protection is a shared responsibility and often it’s not enough for businesses that handle crucial data. In fact, Microsoft themselves recommends users to use a third-party backup solution.

Problems with the Recycle Bin

There are no true backups here. Deleted files are only kept for a fixed amount of time. And in the case of accidental deletion, if you don’t recover it in time, that data will be unrecoverable. This is especially true for files that aren’t frequently used or accessed and you may not realise that they have been deleted. All in all, it only protects you from data loss in a very limited way, and should not be relied on.

You may also want to disable the recycle bin if you delete highly sensitive files with the intention of them never being recovered or seen by anyone else.

Retention Policy

  • Office 365 has a 30-day retention period.
  • SharePoint is backed-up every 12 hours with a 14-day retention period


You can set up an archive and deletion policy for mailboxes. This will automatically delete items from the mailbox, for example, once they reach a certain age limit. You can also apply retention tags; these are rules that determine what items need to be moved or deleted.

As you can see this retention policy is quite limited and for most businesses, it should not act as your back-up solution.

These policies are always changing and evolving making it hard to keep up with. And the restoring process can be much more difficult than you want.

3-2-1 Rule of Backup

An easy acronym for a common approach to keeping your data safe in even the worst-case scenario. It’s advised that all businesses follow this rule as it takes care of your sensitive data.

The rule is: keep at least 3 copies of your data, 2 backup copies stored on different storage mediums with 1 of them located offsite. Office 365 backup strategy does not support this rule fully therefore it’s a good idea for you to employ a 3rd party backup tool. It’ll make data recovery much quicker, easier, and stress-free.

Pin It on Pinterest

Share This