Does Microsoft backup my data in Office 365? Do I need more or additional backup?Alex Fields
A new reader question came in, and frankly it’s one that I hear a lot. I’m sure I have smatterings referring to this issue in other articles, but this one should stand to clear up the questions once and for all–this will be something I can point people to moving forward.
Alex, Love your site and your blog articles. They are awesome! I wonder if you would consider doing a blog post on backup strategies and options for Office365 (in non-hybrid setup). Thinking of how we keep safe all our cloud data in Sharepoint, OneDrive, Emails, etc. Do you consider the need for a third party product to accomplish this and if so do you have any thoughts on products you’d recommend? Or alternatively, are there any Office365 licences or settings we should have which keep us protected in the case that the worst case happens? […] Anything else we should consider to increase our disaster recovery abilities? Thanks Mike
I left out a long list of Mike’s considerations and thoughts here for brevity, but thanks for sharing them, Mike.
The shortest and best answer to this question is basically that you should plan for as much backup as you are comfortable with. Knowing what I know about the service, I do not use any third party backup solutions for my data in Office 365. But, that doesn’t mean my preference will be everyone’s.
Although I do not advocate for any particular solution, I can help shed light on what is possible out of the box, with various subscriptions. From there you can decide if that is enough protection for your needs.
How Office 365 data is protected against loss
On Microsoft’s Trust Center, you can read a bit about how data is protected in Office 365, from a security & compliance perspective. It’s fairly impressive, if you take the time to read up on it.
As regards availability of data: your data is always stored in more than one datacenter region within your designated geography (e.g. United States). Data is not only replicated to multiple storage locations within the primary datacenter region, but it must also be available in at least one other datacenter region at any given time (e.g. Chicago, IL and San Antonio, TX).
Therefore your data is highly available, and would be accessible in almost every type of disaster scenario, unless there is some event so catastrophic that multiple datacenters, geographically disparate, were to completely fail at the same time, and also to become unrecoverable in both locations (and then we have much bigger problems, no?).
So that speaks to some of the concerns around Business Continuity. Now let’s talk about backup. Contrary to popular belief, Microsoft does in fact back up Office 365 data. You can dig in and find more details about the resiliency, recovery and other protections of data on Microsoft docs:
- Data resiliency in Office 365
- Exchange Online data resiliency
- SharePoint Online data resiliency
- Protection against DDOS attacks
Regarding data that is deleted, whether accidentally or otherwise: lost data is recoverable for a certain period of time in every subscription, which varies based on the service. For SharePoint Online, deleted items stay in the recycle bin for 93 days before they are purged, and remain recoverable during that time.
Exchange Online retains deleted mailboxes for 30 days by default, and individual deleted items within a mailbox are recoverable for up to 14 days, but administrators can also increase this to 30 days (the same amount of time as a whole mailbox). Here is how you would increase this limit to its maximum allowed value via PowerShell for Exchange Online:
Get-Mailbox | Set-Mailbox -RetainDeletedItemsFor 30
With regard to either Exchange mailboxes or SharePoint libraries, it is also possible to ask Microsoft support to restore these locations to previous points in time according to the same limits. And with OneDrive, any user can perform a similar self-service restore, that is, without contacting support.
Just be aware that when either you or Microsoft performs a full restore of some library or mailbox to a previous point in time, that action will overwrite everything that is presently there today, and literally put it back to the date requested. This is good protection for say, a ransomware scenario, but not great for individual file restores.
And while Microsoft support cannot themselves restore individual items for you from the back-end, you can of course browse the recoverable items yourself and restore them (or roll back to previous versions of files within SharePoint, for instance).
Going beyond the default recovery options…
Additionally, with Office 365 Enterprise subscriptions, or any Microsoft 365 subscription (including Business), you will also have the ability to define Retention policies, which can preserve data (even deleted data) for whatever time period you specify in the policy.
At the end of the retention period, deleted items will follow the same rules as any other Office 365 data. Here is the default for SharePoint:
And for Exchange:
Remember that 14 days can be extended to 30. Also, with Exchange Online Archiving included in many Office 365 and Microsoft 365 plans, there is the option to enable Litigation hold on your mailboxes, which means data can be preserved indefinitely. To place all mailboxes on litigation hold using PowerShell, you can run this command:
Get-Mailbox | Set-Mailbox -LitigationHoldEnabled $true
Whether under retention or hold, even when the entire underlying user account is deleted, then the mailbox simply becomes an “inactive” mailbox that can be restored at any future point, on-demand.
Immutability / WORM
Another important concept here is data immutability. Office 365 complies with SEC rule 17a-4 or WORM (Write Once, Read Many). When a SharePoint document is copied into the preservation library, for instance, that document is no longer “alterable”–it is immutable. Likewise, mailboxes on hold or retention are immutable. Once data is written into the preservation locations, that data cannot be changed. Write Once.
So if a document in SharePoint changes, those changes are written into the preservation library, but the original version remains there too, still unchanged. This is what makes it possible to roll back to previous points in time, and know that the data has not been modified from that state. Therefore, you can restore information from the preservation library at any point during the retention period. Read Many.
Actual, granular recovery of data
So you turn on retention policies, and/or you just blanket enable litigation hold across all mailboxes. Okay, great. Meanwhile, all of the data, deleted or otherwise, remains available to eDiscovery and Content searches that are performed by admins.
Restoring data is therefore possible, as you can also export from a Content search or eDiscovery case. But having to “search” for the item(s) you want to restore is a bit different than a traditional backup solution, where you can mount an image of a file structure or mailbox, and copy out the items you were looking for. Some people aren’t comfortable with not being able to see the underlying structure, so to speak, where the recovered data is coming from.
Therefore, third party solutions can offer options that may be more attractive and flexible than what Office 365 provides using its native tool set. I personally feel perfectly comfortable using the Content search, but to each their own.
You should have as much backup as you are comfortable with
Now, knowing what I know about the service, I do not sweat the need for a third-party backup. That having been said, some people just will not be comfortable having all of their eggs in the Microsoft basket–relying on only one set of data protections (no matter how robust they may seem).
Additionally, some people may find that third-party products provide a better experience and accessibility for individual file or message restores. Just be sure you know why you’re getting the other backup. It should be adding some value. Get a demo in advance if you can. Most of the major ones out there will support both Exchange mailboxes and SharePoint/OneDrive data.
For smaller concerns, like temporary outages of cloud services, there are several third party continuity services out there that would allow you to continue checking on and responding to emails, for instance, through a third-party portal. Again, I don’t have any in particular to recommend.
And that’s about it. If you want or need any of the following, then you’re looking at a third-party:
- peace of mind for having a backup outside of Microsoft
- more convenience to restore individual files from different points in time without relying on a content search
- continuity during a major cloud provider outage
Otherwise, Microsoft does provide several protections against corruption, deletion, ransomware and disaster scenarios, right out of the box, which can be enhanced further using features such as retention policies and litigation hold. If that’s enough peace of mind for you (as it is for me), then that’s okay too.
Awesome. Thanks for answering my question. Lots to think about.
Another idea I read about somewhere, was using OneDrive client installed on a now freed-up server locally, to sync a copy of all Sharepoint libraries to your on-site premises. The idea being that you then have a live sync’ed copy on local disks. You can then run regular server backups to external backup drives on a rotation to grab copies of that local copy at fixed points in time. I thought that sounded like another interesting idea too! No licences or extra hardware required if you have these left from a migration.
Just a quick thank you for, once again, providing a comprehensive but clear explanation of a very important topic. ;)
Great article Alex. Thanks.
Hi Alex, When setting up a retention policy, if you choose to retain it for 6 months, and then say “Yes” to “Do you want us to delete it after this time?”, does this refer to deleting the edited/deleted copies of the original data, or does it also refer to deleting the original copy of the data as well? So that you’re left with nothing at the end?
And I don’t really see the point of the question anyway, because if you don’t delete the data after this time, then what is the point of setting the policy up in the first place? Won’t you just be retaining the data indefinitely anyway?
When you set delete on a retention policy all the versions associated with that file will be deleted. Some people want to retain but not necessarily destroy data. Let’s say during 5 yr retention with no delete specified, an item is deleted 2 years in. For three more years, it is retrievable per the policy. At the end of the retention period, it will still be deleted, because it was marked for deletion. However, if an item that is more than 5 years old was never deleted during its retention, just because it turns 5 years old and the retention period lapses doesn’t mean it would be destroyed.
When you turn on the retention policy for all locations – all users are supposed to be included in this compliance policy and rule. It shows All in the column. But when you view the mailbox policies for any user, it doesn’t show any retention policies as being set to $true and just shows the default MRM policy. So after you enable the policy and it shows ON (Success), how do you verify that it is actually working?
Do not confuse the MRM policy in Exchange with the retention policies in the security & compliance center. You can verify it in the portal or using the PowerShell module for the security & compliance center.
Hi Alex. As a business we kind of shelved the whole “Office 365 backup” thing as we were sort of happy it was backing up for us, but now my managers are getting nervous about it again.
Can I please put one scenario to you and ask for your thoughts.
If there was a ransomware attack that encrypted all of our user onedrive files in Office 365, and this rippled across all user profiles, and then replicated around all microsoft datacentres so that all current files were completely useless, could we recover all files to a previous “good” version before the attack?
If this was possible, could we also do it for all users at the same time? and within a short period of time?
Thanks for any feedback
Not sure if there is a global rollback. But you would have to make sure that whatever caused the problem is taken care of before you go restoring–this would be true no matter where stuff was hosted or backed up, otherwise you just play whack-a-mole and the problem rears its head again. Every OneDrive account includes restore–you can just say “go back to yesterday” or “last week” or whatever. Rather than worrying about the service, worry about your process to clean up after a breach event. How do you regain control if there is compromised account? Make sure you know how to get control of that, and how to clean up any infected devices, before restore efforts begin. That will dictate how long it takes as the restore part is very easy and quick for OneDrive. For other data locations you need to call MSFT and have them restore–no self service option yet–hopefully someday.
So I could use litigation hold as a “backup” for my Exchange itens right? How does the restore of individual itens and mailboxes work? I saw something about exporting to a .pst and importing using powershell commands, but it was not clear to me if this was really necessary. I will search a bit more, but if you could tell me your experience…. Thanks!
It is not really a backup per se. But if you think about the reasons why people want backup, you can usually address the concerns using some of these other tools, such as lit hold. For individual item restore this can be done in the client via recover deleted items. By default that’s only set to 14 days but you can extend it to 30 days in PowerShell. Now after that time a user cannot get items back themselves. You must use Content Search in the Security & Compliance center, and then export the results of the content search to a PST. Just look up Office 365 Content Search and follow the steps.
Thanks Alex, very interesting and useful article. I have these discussions with our clients all the time, most of them are very content, but occasionally some of our clients’ clients get nervous that there is no old fashioned server on premises with master/slave backups, off premises backup, all the rest of it… they are living in a bygone age it seems.
One interesting thing, there seems to be a 404 on the SharePoint Online data resiliency doc, which is a shame as I need this to satisfy a particular client. I’m sure it’s just the usual Microsoft document reorganisation, but if you happen to find it again anywhere I’d be very grateful.