In Blog, Microsoft

Does your organization need the Microsoft 365 Backup Solution?

With increased security and backup measures needed to protect businesses, we have many clients asking what they need to make sure they have immediate access to backups should any networks become compromised. Microsoft’s 365 Backup Solution is a trusted solution that AhelioTech is recommending for our clients.

Doesn’t Microsoft already backup your Microsoft 365 data?

Yes and No.

While it is true that Microsoft has some native retention and recovery capabilities, Microsoft does not provide complete and robust backup and recovery services. Microsoft states in their documentation, data integrity and retention is your responsibility.

For all cloud deployment types, you own your data and identities. You are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control (which varies by service type).

Regardless of the type of deployment, the following responsibilities are always retained by you:

  • Data
  • Endpoints
  • Account
  • Access management

How quickly do you need to recover backed up data?


That is the problem with native Microsoft backups. The problem is not so much in the saving of the data but in the retrieving. There is no easy way to find the file that you want to restore. Unlike the elegant management consoles you experience with leading third-party backup solutions, you cannot simply navigate a document or folder to restore it.

AhelioTech backs up your Office 365 data every 12 hours and keeps it for 14 days. In the event of a ransomware attack, we can reach out to Microsoft, and they can perform a full restore of your data meaning everything else will be overwritten. This form of basic backup will not help you if you need to restore a single file or folder.

Many clients do not find the Recovery Time Objective (RTO) in this approach to be acceptable in the event of a successful attack.

Does Microsoft’s native data protection meet security standards?

Not always.

Organizations must retain data for a host of businesses, compliance, or other legal purposes. Microsoft’s native data protection may not meet the requirements of every industry or type of data. While Microsoft’s default retention is 30 or 90 days, depending upon data type, many organizations are required to retain data for years. Healthcare, financial services, and other heavy-regulated industries are often required to retain data for decades if not indefinitely.

Do we need the Microsoft 365 Backup Solution if we use OneDrive?


Many Microsoft 365 users don’t think they need to back up their files because they use OneDrive. OneDrive is not the same as backing up; it’s a file-syncing tool designed to optimize file sharing and collaboration.

If a local document is compromised, the document that is synced in the cloud will immediately be compromised as well. If a file is deleted or infected by malware on your local drive, that change will propagate automatically in your synced OneDrive account. File versions are not immutable or isolated recovery points within Microsoft 365. If a file is deleted, all older versions of that file are also deleted. If they are permanently deleted, no viable recovery points are available.

If it is Microsoft’s platform, shouldn’t they be responsible for backing up data?

Not according to Microsoft.

Microsoft makes it clear in their Shared Responsibility Model that they are not responsible for your data. They are only responsible for the infrastructure they maintain to deliver their services.

Here is what the Enterprise Strategy Group has to say about the subject:

“Given Microsoft’s responsibility and supporting technology is limited to infrastructure levels, organizations are exposing themselves to risks such as data loss and security breaches, retention and regulatory compliance exposures, and lack of data control in hybrid deployments if they are without third-party backup plans. In addition, many customers have their data stored in a combination of on-premises and cloud environments, while others have different teams on different versions of Microsoft 365 suites, which can make data protection more challenging in hybrid deployments without a unified backup solution.”

“We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

Do I need Microsoft 365 Backup Solution?


Microsoft’s 365 Backup Solution is a vital part of your Disaster Recovery/Business Continuity plan.

Contact AhelioTech today to review your Backup Plan.

Recent Posts
Technology Checklist for a Safe & Successful Office Move