Backup Microsoft Exchange/Office365

Microsoft 365 Backup: Why is it imperative to protect M365?

Microsoft 365 Backup: Why is it imperative to protect M365?

This guide explains some Backup Solutions for Microsoft 365, which is a SaaS application that provides productivity and collaboration through a diverse set of micro-services and applications such as Exchange Online, SharePoint Online, Skype for Business Online, Microsoft Teams, Exchange Online Protection, Office in a browser, and many others. Recently, Microsoft made a distinction between M365 and O365. Please see how to Query MBAM to display the BitLocker Recovery report, and How to configure and use Pleasant Password RDP SSO.

Therefore, M365 is a bundle of services that includes O365, and many other services as mentioned previously. I will be discussing these details in a subsequent guide.

Here are some related guides that might interest you: How to Cancel Office 365 Family Subscription, how to complete Microsoft Office 365 Family Subscription, how to install Microsoft Teams on a Mac PC, and how to install and activate Office 2019 on your Mac PC.

Importance of Data

As of today, data is the most critical resource and one of the most valuable currencies in the world. In Cyber Security, we refer to data as the New Oil. This Forbes site referenced will highlight more on this. Now that we are aware of how important our data is, adequately protecting our data is paramount in effectively managing and maximizing its potential.

Your data is your biggest asset and it must be protected. Here is another helpful guide: Remove Office license file: How do you change the account that Office says it belongs to on a Mac?

I believe you are here because of the following questions below. Below are the questions frequently asked. As we progress through the course of this article, each of these questions will be answered.
• Does Microsoft back up my data?
• Is this really my company’s responsibility?
• What is Microsoft responsible for?

In M365, the two technologies that help in securing backup are Replication and Backup. Microsoft performs replication of your data. As we have discussed, this isn’t enough! You have to perform data Backup in order to comply with the retention policy and protect against accidental deletion.

A separate copy of your data on a separate media anywhere of your choice in the cloud or on-premise will help protect your asset (data). The figure below shows what you are responsible to (protect).

What you should protect and backup
src: cloudally

Should I backup my Microsoft 365 data?

This is a vital and disputable topic. This question has been asked on various platforms such as Microsoft Forums and was answered by a Microsoft MVP with an affirmative “Yes”. as shown in the image below for some of his arguments.

Should I Backup My Microsoft 365 data? Yes! Via Microsoft Forum
Src: Microsoft

In this article, I will describe why it is important to protect M365. Before diving into these details, let’s dispel the myths surrounding protecting Microsoft 365.

Microsoft 365 Data Loss Prevention

A disgruntled administrator or an attacker can delete your data in Microsoft 365. Also, Microsoft has a Data Handling Standard policy for Microsoft 365 that specifies how long customer data is retained after deletion.

Regardless of the scenario, the retention period is very short. Having an Enterprise modern data protection in place is imperative for protecting Microsoft 365 data. Backup and recovery solutions help capture a point-in-time copy of a file, database, etc.

Leads to the effortless recovery of accidentally deleted data. While also providing robust protection against ransomware attacks for files.

If you do not have a backup in place and this retention period is exceeded (elapses), the data is rendered commercially unrecoverable. I am sure this is not what you want. For compliance reasons, you also do not want this to happen.

Furthermore, Microsoft doesn’t provide a native backup for Microsoft Office 365. As described in the above-mentioned link, the default retention periods are 30-180 days on average. This can lead to a lot of non-compliance with data retention regulations which can result in huge fines.

See how to configure and use Pleasant Password RDP SSO, and how to fix you are not allowed to view this folder on SSRS: MBAM reports cannot be accessed because it could not load folder contents.

Regulatory Compliance

Regulatory compliance, internal governance requirements, or litigation risks require organizations to preserve email and associated data in a discoverable form. The system must ensure the discoverability of all data while preventing any destruction or alteration. The industry-standard term for this is “immutability.”

When you do not comply with the above regulations, there will be a tremendous financial impact, regulatory fines, litigation expenses, security expenses, stock value loss, brand value loss, reputational damage, and customer turnover. Combined, the cost of data loss can run into millions of dollars, placing a burden on organizations and impacting their business.

Protection against Cyber threats and Ransomware attacks

We are all aware that Ransomware is a disaster and causes roughly two million US dollars per incident. A recent report has found that threats in Microsoft 365 have grown by 63% over the last few years.

With the risk of attack on the rise, it’s crucial that you have a strong backup and recovery solution in place to secure your data in the event of a breach.

Even if you take every precaution to protect your organization, you can still fall victim to a ransomware attack. Ransomware is big business, and in today’s threat landscape Microsoft 365 is an ever-increasing target for sophisticated attacks. As you can see, the very first recommendation is having a backup in place.


With this in mind, Secure backup is your last line of defence against Ransomware attacks! Therefore, protect your data by reducing the risk of compromise with comprehensive data security today.

Furthermore, you may want to use Microsoft Purview to help protect your organization against some of these insider risks. Our insider risk products and solutions incorporate and integrate Microsoft 365 risk prevention features.

These solutions work together and use advanced service and 3rd-party indicators to help you quickly identify, triage, and act on risk activity.

If you decide to drill down on the different aspects/responsibilities associated with your M365 account, it becomes evident what the end user controls such as data and configuration, thus becoming responsible for any mistakes via administration (management). In the end, it is your DATA and it is your sole responsibility to protect it.

Having discussed the above points, there is a real and urgent need to protect your O365 workload. And the right solution for this is Veeam back for Microsoft 365. There are a lot of other backup solutions, but from my rigorous tests, I would recommend you use Veeam Backup for Microsoft 365 (v6).

This is the present version at the time of writing this guide. Please see this TechDirectArchive blog post on more compelling reasons to use Veeam Backup for Microsoft 365.

In addition to protecting your Microsoft 365 data and services with backup solutions, it is crucial to defend against cyberattacks and guard against data loss. Ensure a good data protection strategy for Microsoft 365 is in place.

Employ Microsoft 365 Defender also, which is a comprehensive security suite designed to provide pre-and post-breach protection and insights. Lastly, in order to prevent credential stuffing, ensure that Multi-Factor Authentication (MFA) is enabled.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x