Generic Backupify
August 19, 2020
Cloud-to-Cloud Backup, Office 365

A Comprehensive Guide to Microsoft 365 Data Storage and Backup

Big or small, every company measures success by the productivity of its workforce, and their ability to effectively collaborate and communicate. As the global workforce becomes even more mobile, more companies are turning to tools and applications that ensure a safe and efficient workflow from anywhere, at any time.

This need for an agile and resourceful workforce is the main reason more than 38 million people subscribe to Microsoft 365. Gartner predicts that by 2021, more than 70% of businesses will adopt cloud office capabilities.

Microsoft 365, the cloud-based model of the desktop-based Microsoft Office suite, launched in 2011 (as Office 365) with the goal of helping businesses create a more collaborative environment. Microsoft 365 simplifies email syncing, organizing and assigning tasks across teams, and team communication.

If you’re among the millions of businesses that have migrated your mission-critical data to the cloud for efficiency and collaboration, it’s critical you understand how your data is—and isn’t—protected with Microsoft 365. In this guide, we provide a thorough review of data recovery and backup in Microsoft 365.

How Does Microsoft 365 Retain Data?

Like most cloud service providers, Microsoft offers rigorous security measures to protect its users’ data. Despite those measures, we continue to read about cloud security hacks in the news. Gartner notes that in “nearly all cases, it is the user, not the cloud provider, who fails to manage the controls used to protect an organization’s data.”

A recent study by the Cloud Security Alliance found that one of the greatest misconceptions when it comes to the cloud is who is responsible for security. “Organizations need to take more ownership of their business-critical applications while migrating them to the cloud.”

Given the amount of data your company is dealing with on a daily basis—emails, documents, text messages, video chats, invoices—knowing how to manage the protection and retention of this information is critical. There are not only industry compliance standards to meet, but also company policies you must adhere to. Deciding how to retain content can reduce your risk of litigation or a security breach.

Implementing the right data retention policy and ensuring your data is protected from loss means understanding the backup policies offered by Microsoft 365, so you can see how and where your shared responsibility begins.

Microsoft 365 and Backup Capabilities

While Microsoft provides businesses with powerful tools for communication and collaboration, Microsoft 365 doesn’t provide the strongest data backup or recovery options.

Is your data secure on Microsoft 365? The answer is yes. Will you be able to quickly and correctly restore that data if it’s lost or stolen in a breach? That answer is a little more complicated.

Data loss can happen for a number of reasons. The most common are:

  • User error
  • Security breaches and ransomware
  • Improper application syncing
  • Insider threats

Microsoft’s backup policies don’t necessarily guarantee a fast and holistic recovery when it comes to users’ data. While data can be recovered, it involves a long and complicated process, and usually depends on the application you are using.

Both OneDrive and SharePoint offer a 93-day retention policy on their recycle bins, unless the settings have been modified by your administrator. However, once the first and second recycle bins are emptied, there is no way to recover the data. While Microsoft 365 does offer retention labels and policies, they require the user to configure them, and usually involve an increase in storage capacity.

Microsoft 365 also offers users the ability to restore an older version of a file in OneDrive. Again, this depends on the settings implemented by your site administrator. If the data has been deleted, it can no longer be restored.

For Exchange Online, different policies apply. When a user deletes an email, it’s stored in the deleted items folder. Once those items are removed from the deleted items folder, they are stored in a “recoverable items” folder for 14 days. Administrators can extend this to 30 days.
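The retention windows described above, applied to a list of deletion events to show which items can still be restored natively. This is an added example, not Microsoft's or Backupify's code; the event fields (`item`, `workload`, `removed_at`, `bins_emptied`) and the sample data are constructed for illustration, and the windows are the ones stated in this guide, which a tenant's administrator may have changed.

```python
from datetime import datetime, timedelta, timezone

# Windows as stated in this guide; a tenant's administrator may have changed them.
RECYCLE_BIN_DAYS = 93        # OneDrive / SharePoint recycle bins
EXCHANGE_DEFAULT_DAYS = 14   # Exchange Online "recoverable items" default
EXCHANGE_MAX_DAYS = 30       # longest window an administrator can set

def native_deadline(event, exchange_days=EXCHANGE_DEFAULT_DAYS):
    """Last moment the item can be restored natively, or None if already gone."""
    if event["workload"] in ("OneDrive", "SharePoint"):
        # Once both recycle bins are emptied there is nothing left to restore.
        if event.get("bins_emptied"):
            return None
        return event["removed_at"] + timedelta(days=RECYCLE_BIN_DAYS)
    if event["workload"] == "Exchange":
        if not 0 <= exchange_days <= EXCHANGE_MAX_DAYS:
            raise ValueError("recoverable-items window must be 0-30 days")
        # removed_at = when the message left the Deleted Items folder.
        return event["removed_at"] + timedelta(days=exchange_days)
    raise ValueError(f"unknown workload: {event['workload']}")

def recovery_report(events, now, exchange_days=EXCHANGE_DEFAULT_DAYS, warn_days=7):
    """Map item -> 'lost', 'expiring' (within warn_days) or 'recoverable'."""
    report = {}
    for ev in events:
        deadline = native_deadline(ev, exchange_days)
        if deadline is None or now > deadline:
            report[ev["item"]] = "lost"
        elif deadline - now <= timedelta(days=warn_days):
            report[ev["item"]] = "expiring"
        else:
            report[ev["item"]] = "recoverable"
    return report

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample events (hypothetical field names, not a Microsoft log format).
SAMPLE_EVENTS = [
    {"item": "q2-forecast.xlsx", "workload": "OneDrive", "removed_at": utc(2020, 5, 1)},
    {"item": "contracts/", "workload": "SharePoint", "removed_at": utc(2020, 8, 1), "bins_emptied": True},
    {"item": "msg-invoice-1041", "workload": "Exchange", "removed_at": utc(2020, 7, 26)},
    {"item": "design-spec.docx", "workload": "OneDrive", "removed_at": utc(2020, 6, 20)},
]

if __name__ == "__main__":
    now = utc(2020, 8, 19)
    for item, status in recovery_report(SAMPLE_EVENTS, now).items():
        print(f"{status:12} {item}")
```

Passing `exchange_days=30` models an administrator who has extended the recoverable-items window; the Exchange message in the sample then moves from lost to expiring.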

While Microsoft has implemented security measures to protect your data, it is by no means the perfect backup and restoration solution, especially when it comes to the right data recovery plan for your company.

As designed, the end user has very limited backup and restore capabilities, and does not have access to their backed up data on Microsoft 365. If you are unable to restore a file or critical data because it is outside of the retention period, it will involve a call to support and a wait for a solution.

How Does Microsoft 365 Store Data?

Microsoft 365 was designed with the idea that “it’s not a case of if things go wrong, but rather when.” Microsoft has built redundancy into its cloud services, which allows them to remain fully functional when failure does occur.

In order to achieve that, the company stores customer data in more than one data center in your geographic region. While they don’t reveal exact locations, they do disclose in which city your data is securely stored.

The data is not only replicated across multiple data storage locations, but it’s also encrypted—when at rest, and when in transit. In addition to implementing multiple encryption technologies for data in transit, Microsoft 365 also allows the customer to establish its own encryption features.

Data is stored under what Microsoft calls resiliency principles:

  • Critical vs. non-critical data: Critical data is protected at all costs, while non-critical can be dropped in failure situations.
  • Customer data is separated into different datacenters.
  • Customer data is protected from corruption.
  • Data loss often happens due to customer error, so customers can recover accidentally deleted files.

What Is Throttling in Microsoft 365?

With all this talk about the cloud, it’s important to understand that your data is still being stored on servers in carefully chosen physical locations. Instead of your company having to purchase and manage those servers for your workforce to access work from multiple locations, you are paying for the flexibility of applications that are managed by Microsoft.

While Microsoft’s goal is always going to be to ensure smooth operations for its users, interruptions can occur.

Harnessing the power of the cloud relies on the speed with which you are able to collaborate and communicate with team members. So what happens when limits are enacted and you suddenly find your data is throttled?

How and where Microsoft stores all of its users’ data requires that it establish “resource limits.”

These limit the workload handled by its servers to ensure the service remains responsive and fast. Without limits, a server could crash and disrupt service for all users. Throttling protects Microsoft’s servers, but also its customers’ access to their data.

Microsoft admits that “throttling within the service is especially important, given that network resources in Microsoft’s data centers are optimized for the broad set of customers that use the services.”

Throttling ensures everyone is being a “good neighbor” and able to access the servers. It may prevent one user from conducting a migration while another user (on the same infrastructure) is running a data backup.

What Is OAuth with Office 365?

Choosing to migrate your company’s critical services to the cloud via Microsoft 365 means you are trusting Microsoft to have measures that will protect your data, documents and every file you are transmitting on a daily basis, along with your ability to safely and securely access those files when you need them.

In addition to storing your data in its secure data centers and establishing data retention policies, Microsoft also uses encryption and several layers of authentication to set up Exchange Online accounts.

Microsoft uses modern authentication, which is a combination of authentication and authorization methods between a client (your computer or smartphone) and a server. It also offers stronger security measures for user authentication and authorization.

The two methods Microsoft uses are:

  • Multi-factor authentication, Client Certificate-based authentication
  • Microsoft’s implementation of Open Authorization (OAuth)

OAuth provides a secure mechanism for Outlook to access Office 365 emails remotely without actually storing a user’s credentials.

Instead of sharing password information, OAuth uses authorization tokens to verify a user’s identity between a client and a server. It allows you to grant permission for Exchange Online to interact with Microsoft 365 without giving up your sign-in credentials.

Microsoft adopted the new access and security controls in 2015 as a more secure method of accessing its cloud services and applications.

What Is SaaS Backup?

While Microsoft implements as many security measures and safeguards as it can in order to protect its users’ data, the bottom line is this: in order to completely protect and secure your mission-critical data, you share in the responsibility of ensuring data backup and recovery controls are in place.

To better understand why businesses need SaaS backup, let’s first look at Microsoft’s native data protection:

  • For Exchange Online: Deleted item recovery, recoverable item recovery, archive mailbox recovery, and request an email restore from Microsoft.
  • For OneDrive for Business: Restore from the recycle bin, restore from the second-stage recycle bin, and request site collection restore from Microsoft.

Balancing Microsoft 365’s existing security measures with a SaaS backup and recovery solution will help fill in the gaps and give you the confidence in knowing your data is secure and protected.

It means your team can rely on a secure and efficient cloud-based service that gives them the tools and applications they need to improve productivity, while also knowing their data and communication is protected.

A SaaS backup solution provides cloud-to-cloud backup, extending data protection and accessibility best practices to the cloud. It can protect against data loss due to a host of reasons:

  • User error
  • External security breach
  • Service failures
  • Ransomware

Cloud-to-cloud backup offers businesses faster backup and recovery speeds, and much like the major benefits of Microsoft 365, cloud backups are available anywhere, at any time.

A SaaS backup solution not only protects your company’s critical data, but ensures quick recovery in the event of a catastrophic loss.

What Backup Tools Are Available for Microsoft 365 Users?

As more businesses turn to the flexibility, efficiency and power of cloud-based office services, it’s time to start thinking differently as the end-user.

In addition to ensuring your Microsoft 365 administrator is properly set up to keep your company’s information available and secure, you must realize that backing up your data is a shared responsibility.

Instead of asking yourself: How secure is my cloud-based office service? Ask: How can I securely use my cloud-based office service?

That means developing and implementing a reliable data backup and recovery strategy that goes beyond native functionality within Office 365.

Preparing for the worst to happen before it happens is good business. Relying on a third-party SaaS backup solution is smart business.

Data loss can occur for a number of reasons:

  • Accidental deletion
  • Departing employee
  • Ransomware or other hacking schemes
  • Malicious insider
  • Rogue applications
  • Provider’s outage

The best way to protect from any of these common causes is to adopt an independent backup solution. Backupify is a simple, cost-effective, automated and secure solution that mitigates personal and company risk in the cloud.

Backupify for Microsoft 365 ensures:

  • Microsoft 365 users and sites backed up three times a day
  • Unlimited storage
  • Captures snapshots of each user’s Microsoft Exchange Online, Teams, OneDrive, SharePoint Online, Calendar, and Contacts
  • New user detection; Backup and automatic archiving of departing employees
  • Manage backups, restores, and exports easily via web UI
  • Built-in data encryption at rest and in transit; Core audit logs
  • Non-destructive restore, export capabilities
  • Restore files, sites, email, calendar directly into the live environment

With Backupify for Microsoft 365, your company will know there is a secure and reliable backup and restore solution in place, as your team takes advantage of the power and flexibility of working successfully in the cloud.

To learn more about cloud-to-cloud backup, request a free demo of Backupify.

