Is it necessary to back up your data in Office 365 externally?

Office 365 backup is a hot topic and there are a lot of opinions out there. My opinion and short answer is No, most organisations do not need an extra backup solution for Office 365 data. However, there might be exceptions for compliance reasons so here is my long answer. 🙂

It may be helpful to know that it is relatively rare that organisations make external backups of Office 365 data today. It is not a good enough reason to do backups, just because that is how it has always been. I would argue that in most cases it works just fine with the features included in the service. Backup is something you already pay for!

First, Microsoft always keeps multiple copies of your data in different fault domains (geographically separated datacenters). This protects your data from service failures. Please note that Microsoft do not take responsibility for your data and they actually recommend you backing it up somewhere else in the agreement (Service Agreement, see section 6.b). This is a risk you need to consider.

Second, Office 365 features such as Versioning in OneDrive and SharePoint, Archiving, Retention policies, In-Place hold and Litigation hold, holds in SharePoint, self-service “restore deleted files”, eDiscovery, and Content search, help customers protect and restore lost data. These, if configured correctly, protects your data from human errors and ransomware in the cloud.

All the above are Office 365 E3 functionality.

You can even lock your data to keep it forever by turning on Preservation Lock which locks a retention policy so no one, including administrators, can turn off the policy, delete the policy, or make it less restrictive (use with caution).

Most customers want to do backups due to lack of knowledge in how Office 365 works and manages their data, and they are simply used to doing backups themselves. “It feels right.” One of the key reasons for buying Software as a Service is to avoid this kind of extra cost/extra work.

If you still want to do external backups of your data in Office 365, you need to buy this from a third-party backup provider. Remember to do your GDPR homework when choosing a backup provider. Also, remember that the external provider probably does not have the same level of security in their service as Microsoft (Conditional Access, MFA, Identity Protection, Password-less, etc). This is probably the biggest reason why I don’t like Office 365 backup solutions. I don’t like the idea that a third-party service has full read access to my data when I have little knowledge and control of authentication and access to it. You need to be sure that the backup service is secure. Do not let your new backup solution become your weakest link!

Not everything will be backed up. Office 365 includes many sub services such as Exchange, SharePoint, Lists, Forms, Teams, Planner, Yammer, Stream, Sway, Microsoft 365 Groups, etc. There is no backup tool on the market that can backup of all the services in Office 365. They are usually limited to Exchange, SharePoint, and OneDrive only.

Please evaluate the risks that comes with bringing in a third-party service and have a look at the built-in features before deciding on buying an extra service! It’s all about managing risks. I hope this helps!

Read more:

https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-data-resiliency-overview?view=o365-worldwide

https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-malware-and-ransomware-protection?view=o365-worldwide

https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-monitoring-and-self-healing?view=o365-worldwide

https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide

Please follow me here, on LinkedIn and on Twitter!

@DanielChronlund