Microsoft 365 has had a rapidly increasing adoption rate with 1 in 5 employees using the cloud based SaaS platform WW.
According to IDC research, 6 out of 10 businesses using M365 don’t have a data protection plan in place for their M365 data and simply rely on Microsoft’s native capabilities.
This guide is designed to dispel some common misconceptions surrounding backup for M365 including:
Although Microsoft has a responsibility for basic retention and infrastructure security for M365, businesses themselves are responsible for the security, privacy, compliance, backup and recovery of their data.
1. Recovery from deletion
You may assume that you can recover from accidental deletion from the M365 delete items folder. This is classed as a soft delete as these items can still be recovered from the ‘recoverable items’ mailbox but for up to 30 days only.
4. Meet compliance and legal requirements
With more stringent data protection regulations coming into force across the globe, it is becoming increasingly important for firms to take responsibility for the protection of customer data. The most prominent of these regulations to be introduced the in the last two years was the European General Data Protection Regulation (GDPR) which came into force in May 2018.
For the majority of data protection regulations – including GDPR, as a business you will be required to make sure data is secure, traceable, searchable, well-preserved and kept in its original form. Compliance and legal requirements can also vary from one industry to another, with tougher regulations for organizations who hold sensitive data in the financial, healthcare and government sectors for example.
Microsoft’s standard retention periods alone may not be enough to meet compliance requirements. Having a 3rd party backup and archiving solution for M365 means you will be able to set your own retention policies protecting your business from costly fines and reputational damage.
5. Set retention policies
As mentioned in the previous point, M365 has a limited standard retention policy which is set at 30 days only. This is purely designed for situational data loss and not to be used as an ongoing or replacement for your own backup solution. This is not only important from compliance perspective, but from a business impact point of view. Most businesses need to be able to access data for much further back than just 3 months for any number of reasons.
Also, Microsoft doesn’t offer point in time restoration capability. Choosing a 3rd party backup solution which offers this means data can be recovered on a more granular level with a snapshot taken before a breach or deletion to offer faster recovery.
6. Hybrid email deployments and migrations
It is important to have backup when migrating over to M365 . Some businesses have a blend of both on-premises Exchange and M365 users. Whatever the case, your Exchange data should be managed and protected the same way, making the source location irrelevant.
Email data disasters happen every day. Having a solution that can backup, manage, recover, archive and protect critical M365 emails, contacts, calendars and tasks should be an essential element of your overall data protection strategy.