Backup Microsoft Exchange/Office365

M365 Backup: Why is it imperative to protect Microsoft 365?


Microsoft 365 formerly referred to as Office 365 is a SaaS application that provides productivity and collaboration through a diverse set of micro-services and applications such as Exchange Online, SharePoint Online, Skype for Business Online, Microsoft Teams, Exchange Online Protection, Office in a browser, and many others. Microsoft recently made a distinction between M365 and O365. Therefore, M365 is a bundle of services that includes O365, and many other services as mentioned previously. I will be discussing these details in a subsequent guide. Here are some related guides that might interest you: How to Cancel Office 365 Family Subscription, how to complete Microsoft Office 365 Family Subscription, how to install Microsoft Teams on a Mac PC, and how to install and activate Office 2019 on your Mac PC.

As of today, data is the most critical resource and one of the most valuable currencies in the world. In Cyber Security, we refer to data as the New Oil. This Forbes link will highlight more on this. Now that we are aware of how important our data is, adequately protecting our data is paramount in effectively managing and maximizing its potential. Your data is your biggest asset and it must be protected.Here is another helpful guide: Remove Office license file: How do you change the account that Office says it belongs to on a Mac?

I believe you are here because of the following questions below. Below are the questions frequently asked. As we progress through the course of this article, each of these questions will be answered.
• Does Microsoft back up my data?
• Is this really my company’s responsibility?
• What is Microsoft responsible for?

In M365, the two technologies that help in securing backup are Replication and Backup. Microsoft performs replication of your data. As we have discussed, this isn’t enough! You have to perform data Backup in order to comply with retention policy and protect against accidental deletion. A separate copy of your data on a separate media anywhere of your choice in the cloud or on-premise will help protect your asset (data). The figure below shows what you are responsible to (protect).

src: cloudally

Should I Backup My Microsoft 365 data?

This is a vital and disputable topic. This question has been asked on various platforms such as Microsoft Forums and was answered by a Microsoft MVP with an affirmative “Yes”. as shown in the image below for some of his arguments.

Src: Microsoft

In this article, I will describe why it is important to protect M365. Before diving into these details, let’s dispel the myths surrounding protecting Microsoft 365.

Microsoft 365 Data Loss Prevention: A disgruntled administrator or an attacker can delete your data in Microsoft 365. Also, Microsoft has a Data Handling Standard policy for Microsoft 365 that specifies how long customer data is retained after deletion. Regardless of the scenario, the retention period is very short. Having an Enterprise modern data protection in place is imperative for protecting Microsoft 365 data. Backup and recovery solutions help capture a point-in-time copy of a file, database, etc. This means that any data that are deleted accidentally can easily be recovered, but it also means that files are protected against ransomware attacks!

If you do not have a backup in place and this retention period is exceeded (elapses), the data is rendered commercially unrecoverable. I am sure this is not what you want. For compliance reasons, you also do not want this to happen.

Furthermore, Microsoft doesn’t provide a native backup for Microsoft Office 365. As described in the above-mentioned link, the default retention periods are 30-180 days on average. This can lead to a lot of non-compliance with data retention regulations which can result in huge fines.

Regulatory Compliance: Regulatory compliance, internal governance requirements, or litigation risks require organizations to preserve email and associated data in a discoverable form. All data in the system must be discoverable and none of it can be destroyed or altered. The industry-standard term for this is “immutability.”

When you do not comply with the above regulations, there will be a tremendous financial impact, regulatory fines, litigation expenses, security expenses, stock value loss, brand value loss, reputational damage, and customer turnover. Combined, the cost of data loss can run into millions of dollars, placing a burden on organizations and impacting their business.

Protection against Cyber threats and Ransomeware attacks: We are all aware that Ransomeware is a disaster and causes roughly two million US dollars per incident. A recent report has found that threats in Microsoft 365 have grown by 63% over the last few years. With the risk of attack on the rise, it’s crucial that you have a strong backup and recovery solution in place to secure your data in the event of a breach.

Even if you take every precaution to protect your organization, you can still fall victim to a ransomware attack. Ransomware is big business, and in today’s threat landscape Microsoft 365 is an ever-increasing target for sophisticated attacks. As you can see, the very first recommendation is having a backup in place.


With this in mind, Secure backup is your last line of defense against Ransomeware attack! Therefore, protect your data by reducing the risk of compromise with a comprehensive data security today.

Furthermore, you may want to use Microsoft Purview to help protect your organization against some of these insider risks. Microsoft 365 risk prevention features are designed and built-in into our insider risk products and solutions. These solutions work together and use advanced service and 3rd-party indicators to help you quickly identify, triage, and act on risk activity.

If you decide to drill down on the different aspects/responsibilities associated with your M365 account, it becomes evident what the end user controls such as data and configuration, thus becoming responsible for any mistakes via administration (management). In the end, it is your DATA and it is your sole responsibility to protect it.

Having discussed the above points, there is a real and urgent need to protect your O365 workload. And the right solution for this is Veeam back for Microsoft 365. There are a lot of other back solutions, but from my rigorous tests, I would recommend you use Veeam Backup for Microsoft 365 (v6). This is the present version at the time of writing this guide. Please see this TechDirectArchive blog post on more compelling reasons to use Veeam Backup for Microsoft 365.

In addition to protecting your Microsoft 365 data and services with backup solutions, it is crucial to defend against cyberattacks and guard against data loss. Ensure a good data protection strategy for Microsoft 365 is in place. Also employ Microsoft 365 Defender, which is a comprehensive security suite designed to provide pre-and post-breach protection and insights. Lastly, in order to prevent credential stuffing, ensure that Multi-Factor Authentication (MFA) is enabled.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x