Skip to content

Do I need to backup Office 365?


At boxxe, we understand the importance of strong, resilient and comprehensive data backups to avoid losing time, data, and revenue

Do I need to backup Office 365?

Yes, if you don’t want to lose time, data, and revenue.  Microsoft 365 is one of the most widely used cloud platforms offering a suite of applications like SharePoint, Exchange Online, OneDrive, and Teams. But its popularity shouldn’t be mistaken as an organisation’s all-encompassing data protection offering. 

Author:  Malcolm Plested, boxxe Pre-Sales Solution Architect
Posted:  28 April 2023
Category:  Blog

Water-tight data protection is a non-negotiable

There’s a widespread misconception that data created and stored in the cloud does not need to be backed up. 

Water-tight data protection is a non-negotiable.

As a solutions architect (and ex-consultant), I’ve visited many different businesses with a wide range of solution requirements.  Despite that variety, there’s one question every company asks:  Do I still need to ensure that my data in Office 365 is backed up?

While Microsoft 365 provides basic data protection features, it is not enough to protect against all potential threats.  And with so many organisations moving their data to cloud based solutions, the need to protect it is becoming more and more critical. 

When data is deleted or corrupted, companies face four major problems: lost data, lost time and lost revenue and loss of reputation.

Data loss is often a major concern for Office 365 customers as Microsoft’s backup policies can’t guarantee a complete and speedy restore of lost data. Even if it is retrievable, the process is long and complicated, and retention policies vary for each application included in the cloud platform.

The diagram below can help you identify who is responsible for each aspect of Office 365, and therefore, which data protection measures your company needs to take charge of.

Microsoft Cloud Responsibility Model

Microsoft Cloud Responsibility Model

As you can see, Microsoft does not cover all aspects of data protection which means you are responsible for protecting your data from things like human error and external hackers.

It can be a lot to take on, which is why we always recommend deploying a Cloud Backup Solution

Reasons to use a third party backup provider


Ransomware attacks

You need to consider a multi-layered approach when it comes to security against cyber-attacks. Without sufficient backup, Office 365 data is vulnerable and companies stand the risk of losing all of their files.

As we saw with the emergence of the Conti ransomware group in 2021 just having a 2nd copy of the data is no longer enough either, backups were specifically targeted in these and other attacks. This places increased importance on having Immutable and Air gapped backups with full access controls in place around the backup data.


Additional costs & data loss due to inactive licences

An active Office 365 licence is required to access Office 365 data.  Without it, inactive or deprovisioned user data is permanently deleted.


Data loss due to Permanent deletion

If a SharePoint Online administrator deletes a site collection, all data will be placed in the Recycle Bin where it is deleted after 90 days. After it is automatically deleted, there is no rollback option.


Data loss when restoring files

When restoring older files from a SharePoint backup, the restore is targeted at the same URL. This means it will overwrite whatever data currently exists in the site collection – not the individual file or folder.


Business downtime

Contacting Microsoft Support for assistance with possible data loss can be very time consuming, even after you’ve identified the proper document version.


Retention gaps and compliance

Microsoft 365 only offers 90 days’ maximum audit history, which may not meet government and organisational policies.


Legal hold and eDiscovery

When involved in litigation, and dealing with Data Subject access requests you must comply with court-ordered eDiscovery and legal hold requirements. Without the right tools, bringing data together in order to meet compliance can be painstaking.

Work with us

At boxxe we understand the importance of strong, resilient and comprehensive cloud protection.

We recommend solutions which follow the NCSC guidelines to ensure maintenance of resilient data backups – if one is compromised, at least one other remains.  The most common method for creating resilient data backups is to follow the '3-2-1' rule: at least 3 copies, on 2 devices, and 1 offsite.

That’s why we’ve partnered with Druva for its Backup for Office 365 Managed Service.  Druva's Data Resiliency Cloud, built on a microservices architecture in AWS, provides complete protection for all your O365 data whilst storing the backups outside of the Microsoft ecosystem protecting you from Cloud Concentration.  An infinitely scalable, elastic, air gapped platform, protects against data loss through immutability of all backups, ransomware cannot execute within the platform and Data governance and compliance tools provide an acceleration of E-Discovery and federated search capabilities across all data sets.  All whilst minimising operating costs (by eliminating investment software, infrastructure & cloud storage) and your IT Staff are free to focus on important tasks rather than backup administration.

Interested?  Let’s have a chat!

Get strong, resilient and comprehensive data backups to avoid losing time, data, and revenue

Call us on the number below or fill in the form and we will be in touch.

I would like to receive news and updates: