Microsoft has done an amazing job offering and maintaining its Office 365 data processing platform. Every day, large amounts of data are processed on the platform globally, mostly by businesses. The crucial nature of such data necessitates protection at all costs. At first glance, it seems as though Microsoft offers a solid data loss protection mechanism. But the company has never claimed to offer comprehensive data protection or disaster recovery. Perhaps it is suited for basic users who don’t have much to lose in the event of an unexpected disaster. Businesses on the other hand need to take a more proactive approach to data security as Microsoft’s native data protection mechanism do not satisfy today’s data protection, disaster recovery, legal and compliance demands.

A very conventional Office 365 backup mistake assumption is that data protection is unnecessary since the service runs on the cloud.

For Office 365, Microsoft employs the Shared Responsibility Model. This means that it is majorly responsible for maintaining the Office 365 Global ecosystem by delivering consistently the services required to keep the platform running. Below are the clear wordings of their services agreement.


“We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

On the other hand, it evidently encourages customers to be responsible for the access and control of their data residing within Office 365. This indicates that Office 365 truly experiences outages that cannot be avoided on a regional basis which could be due to natural disasters or routine maintenance and such outages are capable of causing data loss that Microsoft will not be held responsible for in any way. Microsoft also does not provide point-in-time recovery, meaning that when your data is lost to external or internal threats, there’s absolutely no guarantee of a Microsoft-assisted recovery.

Due to an absence of a point-in-time recovery, if a production mailbox or item is corrupted or lost, it becomes corrupted in the retention archive folder too. Moreover, Office 365’s data retention policies will not protect your files from accidental or malicious deletion. Neither does it satisfy the standard 3-2-1 backup model of having your data backed up on multiple devices in different locations.

There is also a common misconception that Office 365 has a long-term data retention policy. While it is true that the SaaS offers a retention policy where documents can be retained for 93 days and emails for 14 days, this is merely a short-term backup that fails to meet the compliance requirements of most data protection regulations.

In conclusion, it’s clear that relying on the Microsoft Office 365 local backup plan is insufficient for a healthy backup culture. You might want to consider Backup for Microsoft 365 if you want a full solution to your data backup concerns that protects your Exchange Online mailboxes, OneDrive for Business files and SharePoint Online sites. Thanks to the dedicated Office 365 backup, when the need arises, you can instantly restore emails, attachments, files and folders back to their original or custom locations.

TBN Editor

Time Business News Editor Team