var $ = jQuery.noConflict();

What Microsoft Does Protect?

Office 365 has some built-in data protection to ensure that you never lose your current data. In Exchange Online and Microsoft Teams, for example, Database Availability Groups (DAGs) help achieve data protection, four Exchange servers each hold a copy of your mailboxes in their databases. Those servers are in different datacenters in the same region, and this protects your mailbox against disk, server, networking, and entire data center failures.

Failover is automatic and transparent and managed by automated systems in Exchange. The fourth copy is lagging by seven days whilst still receiving the up-to-date logs from the other copies. Although the use of this is extremely rare.

Data in SharePoint Online (which also houses OneDrive for Business and Teams files) is mirrored across at least two datacenters with metadata backups kept for 14 days. Again ensuring that you won’t lose your data to a man-made or natural disaster.

There are also several technologies built in. These are Recoverable Items folder where emails and other mailbox items go after you’ve deleted them in Outlook. A user can use Recover Deleted Items in Outlook / Outlook on the web and select one or more items to restore. There’s also Litigation hold and Retention Policy which an administrator can put on one or more mailboxes or a public folder. This prevents items from being permanently deleted.

SharePoint Online provides versioning to keep multiple copies of documents while editing, two stage recycle bins to recover deleted files and the ability to recover an entire OneDrive for Business. Some of these features support 14 days or 30 days recovery and you can change some of these intervals. 

In other words – Microsoft is very unlikely to lose your current data. This is due to an outage or natural disaster. And your users have methods to recover recently deleted emails and documents.

What Microsoft Doesn’t Protect

If you’re a micro business you might think that the above features provide good enough protection for your needs. However, it’s important to think about reasons you might need to augment this native data protection.

The most obvious one is regulation and compliance. These seem to be increasingly prevalent in many jurisdictions around the globe (GDPR in the UK etc.) and over time it will affect more businesses. There may be a requirement for your business to protect current data against attacks or loss but also be able to “go back in time” and have point in time copies of your data, sometimes going back many years. There might be a business need or policy that mandates that certain data must be retained for a long time.

Another consideration is the ease of restoring documents. Training users and help desk personnel in how to use the built-in tools to “get stuff back” quickly and efficiently is not easy. The third-party solutions have UIs that are much easier to use.

Another key point is having a copy outside of the system itself. In the past, the general rule for backups was 3 – 2 – 1. This means to have three copies of your critical data on two different media types (hard drive and tape), with one copy offsite. Storing a copy of your data in a separate system, even a different cloud provider, gives you some protection against a large-scale issue in Microsoft Office 365.

The most common type of cybercrime today is ransomware attacks where criminals infiltrate your network and monitor normal operations. Often, they’ll corrupt or encrypt your backups for a while before launching the attack. This will encrypt all your production data, followed by a ransomware demand, tailored to your organization’s annual revenue (what you’re able to pay). If you’re going for a third-party solution, make sure it has protections in place. Do this to avoid easy corruption and encryption of the backed-up data.

To add further incentive for you to pay hackers will also frequently exfiltrate your data before encrypting it. Thus, if you refuse to pay, they’ll release sensitive information publicly. There have been many high-profile examples of these attacks in the news over the last few years. And no business is safe from these lowlifes. Having a backup of all your Microsoft 365 data in a separate location will seem like a lifesaving idea, if you find your business has been ransomed.

There’s also the consideration of access to your data during an Office 365 outage. There has been several high-profile situations over the last few years. Being able to access past messages and documents can mitigate the business impact of prolonged downtime.

These and other, business specific needs might push you towards a third-party Office 365 backup solution. For example; managed solution, powered by Ahsay. 


Backup is one of the least interesting aspects of IT. Though, it’s boring and mundane but not paying it sufficient attention can leave your company exposed. Making sure that you protect your company’s most precious data against human error, malicious attacks or natural disasters is crucial.