NovaBACKUP Security Blog

Is it necessary to back up Microsoft 365 data?

Microsoft 365 Data

The flexible and collaborative nature of SaaS tools like Microsoft 365 (formerly Microsoft Office 365) is benefitting companies of all shapes and sizes.

Recent revenue posts from Microsoft show an overall increase in revenue, due to the relative strength of its cloud services revenue, driven by Microsoft 365. The number of users surged during the pandemic as employees, who suddenly found themselves working from home, increasingly moved to online tools in order to do business. Microsoft Teams alone is up to over 270 million users in 2022 as compared to 145 million in 2021.

It should be crystal clear that backing up Microsoft 365 data is a necessity, but many organizations are under the impression that it is not required. Why? It may be that some businesses assume that Microsoft is already taking care of backups for you, but that is not the case. The truth is that Microsoft is only protecting data availability, meaning that their focus is preventing an interruption in services.

The official take is that Microsoft operates under a “shared responsibility model” where information and data recoverability falls entirely within the responsibility of the customer. In short, they take responsibility for the security and infrastructure of their data centers, but users are required to protect their own data. Perhaps unknown to many - Microsoft goes as far as recommending that you “regularly backup your content and data” using “third-party apps”, via their Microsoft Services Agreement document. 


What incidents might cause data loss?


Outages certainly aren’t unheard of. In fact, there’s even a Microsoft Twitter account for checking the status of Microsoft 365 and recent service incidents. If disruptions were to take place resulting in the loss of data, Microsoft has made it clear that they aren’t responsible, and you may be unable to recover that data if a backup is not at the ready.


Imagine for example that an employee quits and you no longer want to maintain their Microsoft 365 subscription (a recurring cost). Deleting a 365 account results in the deletion of all the data on that account. Is there any guarantee that you won’t need that data later? Account deletion might also occur due to basic human error. In either case, the Microsoft data-retention policy (typically 30 days) may not suffice for your personal or legal, regulatory requirements. 


Accidental deletion is a common problem. Good data is occasionally overwritten with bad data, and other human errors are seen as intentional actions by the system. Beyond the accidental loss of data, there’s also the potential of malicious behavior internally, for example from an exiting disgruntled employee. As employees already have access to data, the best course of action is to limit damage as quickly as possible. Because once data is deleted from a second-stage recycle bin, that data is gone permanently. Without a restorable backup in place, the organization is left without recourse.  


Hackers have developed efficient methods to breach defenses using methods such as phishing and other types of social engineering, making employee education ever more important. It also goes without saying that Ransomware and other modern cyber-threats are becoming increasingly more sophisticated at accessing and separating users from their data. Microsoft does offer layered defenses against malware and ransomware encryption, though it is unclear if future forms of attack may target Microsoft 365 data or find new ways to access, steal and leak sensitive data.

Ensuring that security precautions including Multi-Factor Authentication, use of strong passwords, and well-managed access rights, will go a long way towards the prevention of data leaks and loss. Nevertheless, data loss must be prepared for. NovaBACKUP offers a SaaS application backup to secure Microsoft 365 data including Mail, Calendars, Contacts, Tasks, Groups, Teams, OneDrive, SharePoint, and more. This technology option provides a simple and powerful way to automatically protect your critical data in the cloud and restore it on demand. We invite you to learn more on our SaaS Application Backup page and discuss your unique environment with our backup experts. Speak with our data protection team today.

Tips and Tricks for Backing Up Your Microsoft 365 Data