Is it still required to backup Microsoft cloud data? Microsoft offer many tools to try to ensure you never lose critical business data: Recycle bins, Versioning, Security & Compliance tools pretty much mean you’re covered or do they? You must select and create all the correct features and policies to ensure all the above features work correctly for your business. If you have then you can recover pretty much any file or email that has either been intentionally or unintentionally deleted. If you haven’t enabled and configured these additional features then you will be subject to the standard Recycle Bin/Recoverable Items 93 day limit.
All this is very useful but has its limits. If the above is true and Cloud Data is protected then does that mean it’s the end of needing to backup O365 data, we believe not, here are our reasons:
Sharepoint & OneDrive: End Users have the really useful tool to self-serve recovery from the recycle bin of deleted files if it’s within the 93-day period. After that if you have configured Retention Rules in Security and Compliance then the files will reside in the Preservation Hold Library. An Administrator can access this location and share the file/s back to the end user to re-download, but functionality is limited when thinking of this as a full backup & restore solution. Files are listed Alphabetically, by Modified Date and Modified By but other than that there is no structure. You cannot restore whole folders; there is no Point in Time you can go back to and recover everything from that point. You have to know what files have been deleted/lost and when. Multiple files can be shared back to the end user to download or the Administrator can download them but that’s it. It does exactly what Microsoft designed it to do, keep files for a certain period of time that get deleted. It’s not designed as a Backup & Restore tool
Exchange Online (Outlook): This is similar to SharePoint & OneDrive, End Users can self-recover deleted items from the Recoverable Items Folder in which they reside for 14 days by default (this can be increased). Once they are either deleted or purged from the Recoverable Items Folder, they can be further recovered from the Purges Sub-Folder if Single Item Recovery has been enabled and the deleted item still meets the Retention Rules created and applied to the User. The process is via Powershell so a certain higher level of skill is required compared to SharePoint & OneDrive recovery. Again, similar recovery functionality is available, single or multiple files can be recovered if you have the correct syntax but they can only be recovered back to a PST file which can then be given back to the end user.
Quotas: The above options all count towards the your customer quota. Data stored in the recycle bins, Purges Sub-Folder or Recoverable Items Folder all count against the company’s storage quota. Microsoft keep expanding quotas for total data sizes so this needs to be noted but may become redundant depending on the size of the company and its data.
Regulation and Compliance: The above solutions for both preserving files and recovering files have a flaw when a company needs to meet industry compliance and regulation rules. An Administrator with the right level of permissions can remove all files from all these locations, 1st and 2nd Stage Recycle Bins, Preservation Hold Libraries and the Purges Sub-Folder’s can all be emptied by the Admin. Therefore, a business cannot fully prove files cannot or have not be tampered with.
Restore options and ease of restore: There is no overall point in time to go back to, no folder level restores and the restore process is lacking features when looking at multiple file/email recovery. A true Backup and Recovery solution can provide the options to recover entire mailboxes, sub-folders and files back to their original location simply and quickly. No need to create pst files, send share links for end users to then download the missing files.
Corruption of Data: Microsoft have the responsibility to provide a platform with a very high level of uptime (availability), a business is responsible for the consistency of its data. It’s rare but data can still get corrupted, Ransomware can still encrypt the files, and this can be replicated across all areas the files exist. You can recover using the Microsoft tools available, but it will be a slow process, especially when you think about the process described previously, a single file at a time and you would potentially have to recreate the structure.
Data Ownership: Again, Microsoft is responsible for ensuring the Platform is up and available but ultimately if it did go all wrong, however unlikely what do you do? It’s your data not theirs. Microsoft like to make us think they are immune to bugs, flaws and other issues, but are they? It is a scare tactic and worst-case planning scenario but backup is like insurance. You’d prefer not to be paying for it but it’s there for a reason, it’s there just in case.
3-2-1 Backup Rule: (Click for Blog)In our view this is still a rule that need to be adhered to. Microsoft have made it easier than ever to truly work anywhere and if things go wrong there are options for recovery, but those options don’t fully meet the 3-2-1 rule yet. Company data that is protected by a solution designed for Backup & Recovery, stored in a separate Air-Gapped site, on different media to the primary data ensure business data is protected, fully recoverable and can be configured to meet regulatory and compliance requirements.
To meet the needs of backing up O365 data FCS have tested and approved several solutions. These solutions meet our usual high standards, and all are supported by our best in class support team.
We also offer consultancy services to ensure your O365 and its tools and features are set correctly against your businesses requirements.
If you wish to know more about these solutions simply get in touch.