Skip to content


Thirteen Group - Keeping Data Safe


Protecting Microsoft 365 data from ransomware attacks and accidental deletion

Thirteen Group logo

Customer Success Story

Flexible, secure backup of business-critical Microsoft 365 data

Thirteen Group is a landlord and housing developer that provide homes for rent and sale. They manage 34,000 properties from North Yorkshire to York.

We are thrilled to have been Thirteen's chosen technology partner for several digital transformation projects over the years, helping them find more efficient, modern and less expensive ways of working.

"Working with boxxe has been a fantastic experience, they saw my vision and brought it to life, adding their own innovative and forward-thinking ideas.  It’s paved the way to Thirteen Group being Microsoft-first in our future developments."

Jayne Allport , Head of Service, Systems & Application Improvement, Thirteen Group


Recover files

 95% faster 

Thirteen’s IT team can now recover lost or deleted files 95% faster – taking minutes instead of hours.

Find records

 in minutes 

Requests required hours of trawling through physical tape. With Druva, the team can find all records in minutes, saving valuable time while staying compliant.

GDPR regulations

 100% compliant 

Thirteen have the ability to complete 'right to be forgotten' requests in minutes.


Through boxxe's Backup as a Service with Druva, we helped Thirteen deploy a flexible, secure way to back-up and restore its business-critical Microsoft 365 data.

In fact, Thirteen’s IT team can now recover lost or deleted files 95% faster – taking minutes instead of hours. The solution simplifies the location and recovery of specific data points, no matter how granular.  This is crucial as UK GDPR laws give people the ‘right to be forgotten,’ meaning anyone can ask Thirteen to erase all records containing their personal data.

Previously, these requests required hours of trawling through physical tape. With Druva, the team can find all records in minutes, saving valuable time while staying compliant. The ever-present threat of a ransomware attack used to be a serious concern of Hassan’s team.

"We will likely experience a ransomware attack, and how we recover is going to be testament to our character and the controls we now have in place. Druva is a key part of that recovery plan. There are a lot of systems we could do without, but not Microsoft 365. It’s the heart of our business, and Druva ensures that data is secure so our company can continue serving our customers."

Hassan Bahrani , Head of IT, Thirteen Group

What did we do?


Four years ago, Thirteen began its cloud journey by moving to Microsoft 365 using Exchange Online, OneDrive, SharePoint, and Teams for closer collaboration, and the large-scale storage of business-critical data.

However, Thirteen relied on Microsoft’s out-of-the-box recycling, in which deleted files are only held for 90 days by default. This put the organisation at risk for irrecoverable data loss.

Microsoft operates a shared responsibility model, meaning it is responsible for protecting the platform while its customers are responsible for long-term data retention. 

Without secure backups in place, Thirteen risked data loss to accidental deletion, platform disruption, or ransomware. It had to replace insufficient tools and processes to respond to the increasing volume, and variety of threats.


For Thirteen's IT team, the top priority for data protection was cloud-native capability.

Thirteen Group approached boxxe as they were looking to protect their SharePoint Online environment and users’ Microsoft 365 data. 

Their challenge was backing up large volumes of data into the cloud, and providing resiliency from the Microsoft ecosystem. 


With our understanding of Thirteen's challenges and the solutions available in the marketplace, partnering with Druva to deliver this solution was the immediate choice.

Druva is built on Amazon Web Services (AWS), which was key for the team because it enabled them to achieve complete separation between Microsoft 365 data on Microsoft Azure and its backups. 

Furthermore, backups cut ties with original data, protecting against corruption if a security breach occurs. 

Additionally, Thirteen, not Druva, manages the keys to encryption for data at rest, giving the organisation complete control and privacy.


Druva provides the Thirteen team peace of mind, protecting backups against infection, as single sign-on (SSO), multi-factor authentication (MFA), and role-based access controls (RBAC) isolate and control data access to guard against infection and encryption.

With Druva, the team know exactly how the company will recover affected Microsoft 365 data when, not if, a ransomware attack happens.


"While Druva’s features are important, support is as equally as important and when we reached out to Druva, we received amazing expert advice. They quickly fixed any issues, and always well within our service level agreement (SLA)."

Hassan Bahrani , Head of IT, Thirteen Group

Interested in how we helped the Thirteen Group get better data protection?

Keep your business-critical data secure. Get in touch today.

I would like to receive news and updates: