New Rules for Selecting Office 365 Backup Software

This article was written by Jerome M. Wendt, president and founder of DCIG, Inc., an independent storage analyst and consulting firm. and published on November 5, 2020.

New Rules for Selecting Office 365 Backup Software

The number of organizations that have adopted or plan to adopt Microsoft Office 365 online continues to climb.

Yet as organizations adopt Office 365, they should make another similarly important decision: protecting the data they store in it. To select the most appropriate software to back it up, organizations should choose following a new set of rules.

Drivers Behind Office 365’s Growth
The number of organizations adopting Office 365 online continues to grow. Over 250 million individuals already use it monthly with it continuing to experience 20% or greater growth annually.

While the reasons for its rapid rate of adoption vary, three practical ones include:
• Office 365 delivers the features that organizations want and routinely use (email, file sharing, chat, online meetings, etc.)
• It handles the underlying Office 365 administration tasks organization do not do well or do not want to perform (fixes, patches, upgrade, etc.)
• Microsoft hosts Office 365 in its Azure cloud. This provides a highly available infrastructure with staff trained on its maintenance, management, and support.

Despite these benefits, organizations need to understand the types of data protection that Microsoft offers for Office 365. Hosting Office 365 in a highly available, secure cloud infrastructure provides levels of data protection many organizations currently lack. Micro cloud infrastructure does not, however, mean Microsoft backups your data.

Data Protection not Necessarily Backup
Any data an organization stores in Microsoft Office 365 online ultimately remains that organization’s responsibility to protect. Granted, Office 365 and the Azure cloud in which Microsoft hosts Office 365 natively offer some data protection features.

Office 365 includes some data recovery features vis-à-vis its Deleted Items mailbox and Trash folder. The Azure cloud hosts Office 365 and data stored in it on highly available storage and server hardware in its restricted access data centers.

Despite these features, one cannot equate them with backup. If one deletes data and then empties the Deleted Items mailbox or Recycle Bin, do not expect to recover it. Similarly, if one waits more 30 days to recover data after deleting it, again prepare for disappointment. Only by backing data up and storing it outside of Office 365 can one plan to recover it.

Adding to the difficulties of Office 365 backup, Microsoft limits how much data an organization can restore at one time.  Microsoft wisely controls access to Office 365 resources to prevent any entity or tenant from consuming too many of them. Limiting the number of API calls an application may make to Office 365 represents one way to enforce this policy. Unfortunately, if an organization needs to quickly restore large amounts of data, Office 365, by default, impedes this action.

Three News Rules for Selecting Office 365 Backup Software
The limited Office 365 data protection features coupled with the limits Microsoft imposes on access to Office 365 change the rules of backup. As such, organizations need to follow new rules when selecting software to backup Office 365.

Three new rules that organizations should consider following include:

1. Use software that gives you the option to stores backups outside of the Azure cloud. If Office 365 becomes inaccessible, it may be that the entire Azure cloud has become inaccessible. Keeping Office 365 backup data in another provider’s cloud improves the odds one can access Office 365 backups if needed.
2. Select backup software that monitors for ransomware. Ransomware represents a leading threat to organizational data stored in Office 365. If ransomware deletes or encrypts data within Office 365, an organization has the responsibility to recover it. Using backup software that monitors for ransomware serves a two-fold purpose. First, organizations may more quickly detect ransomware to help stop the attack before it starts. Second, it minimizes or negates the need for large data restores which can be lengthy due to the API limitations Microsoft enforces.
3. Select backup software that monitors data access and activity within Office 365. Due to the limitations Microsoft imposes on performing large restores to Office 365, organizations want to prevent any data loss from the outset. Look for backup software that helps monitors Office 365 data access and activity. By identifying suspicious activity, organizations can stop data loss before it occurs.

Think Outside the Box
Organizations will still want and need to recover individual email messages and files. In that respect, almost any Office 365 backup software will deliver on those requirements.

However, the restrictions imposed by Microsoft on recovery change the rules for selecting backup software. If organizations lose large amounts of Office 365 data, recovering it becomes a more complicated and lengthy process.

As such, organizations must think outside the box. The best backup software for Office 365 environments must do more than backup data. It should ideally also include options that minimize and prevent data loss from ever occurring within Office 365.