
“Do Not Backup! – When Microsoft Defender Sabotages Your M365 Backup”

  • March 10, 2026

Andreas Buhlmann

Microsoft 365 (M365) has become indispensable in everyday office life: emails, documents, Teams chats, SharePoint – everything in one place, all in the cloud. But many admins rely too much on the idea that “everything is somehow secure.” That’s a mistake!

 

 

Why should you back up Microsoft 365 services at all?

The well-known Shared Responsibility Model states: Microsoft provides the infrastructure, but you are responsible for backing up and restoring your own data.


In short: Microsoft protects against infrastructure, network, and hardware failures and takes care of maintaining the Microsoft architecture and software. However, Microsoft is not responsible for accidental deletions, ransomware, viruses, malicious colleagues with a “delete finger,” or improper data handling!

What about the good old Recycle Bin feature – isn’t that enough protection?

Many people rely on the idea that deleted files simply end up in the recycle bin and can be restored at any time. That sounds reassuring at first—but in practice, it is very limited. Here are a few examples:

  • Limited retention period: The recycle bin in SharePoint and OneDrive only keeps deleted files for a certain amount of time (usually 30 to 93 days).
  • Not all scenarios are covered: If files are deleted by malware, automated processes, or after the retention period expires, they are gone for good.
  • Mailbox deletions: If an entire mailbox is deleted (for example, by removing a user), it does not end up in the recycle bin. The mailbox remains recoverable in a “soft-deleted” state for a limited time in the background, but is no longer accessible to the user. After this period, the mailbox is permanently deleted.

Alright, so we need backup software and decide, for example, on Veeam Backup for Microsoft 365 (On-Premises) or the Veeam Data Cloud Backup Service. That means everything is safe now, right? Basically, yes…

 

The backup runs… and suddenly: error alert!

 

 

So you’ve set up Backup-as-a-Service for M365, everything is running smoothly—until suddenly this cryptic error message appears:

Processing site: https://starshipbuilding.sharepoint.com/sites/Development completed with warning:
Failed to backup item: /sites/starshipbuilding/Shared Documents/DeathStarPlans/UltimateBlueprints, Item may have a virus reported by the virus scanner plug-in
Total count of failed items: 1

 

An important item hasn’t been backed up… Panic? Not yet!

What’s behind this?
You can find information, for example, here: https://www.veeam.com/kb3096
and here: https://learn.microsoft.com/en-us/defender-office-365/anti-malware-protection-for-spo-odfb-teams-about

 

 

 

Microsoft Defender – The Virus Hunter Working in the Background

Microsoft has an integrated shield on the M365 side:
Microsoft Defender for Office 365.

This service scans all files uploaded to SharePoint, OneDrive, and Teams—and if something seems suspicious, the file is either locked or moved directly to quarantine.
In practice, the backup tool (e.g., Veeam) gets a response from the Microsoft API that amounts to: “Sorry, this file might be a virus, so you’re not allowed to back it up, edit it, or download it.”

This results in the error mentioned above appearing in the backup log—and you’re left wondering: What now?

 

 

What should you do if the file is in quarantine?

a) Where can I find the affected files?

You can find these files in the Microsoft Defender portal under “Email & collaboration > Review > Quarantine > Files tab” or directly in the Files tab on the Quarantine page.

b) How can I check if the file is really infected?

Microsoft Defender will show you why a file was flagged as suspicious.

Never download the file carelessly—if necessary, scan it with a local, up-to-date antivirus tool.

Sometimes false alarms occur (for example, with custom macros or unusual file formats).

c) How can I release or delete the file?

If you determine that the file is not infected, you can mark it as “not infected” and release it. This can be done directly in the Security & Compliance Center.

If the file is actually infected or is no longer needed, deleting it is the safest option!

After releasing or deleting the file, the warning will disappear in the next backup run.

You can find the details in the Microsoft documentation, specifically in the article “Manage quarantined messages and files as an admin.”

 

 

Conclusion & Tips for Stress-Free Backups

Regular checks: Regularly check the Security & Compliance Center to ensure that no suspicious files are blocking your backup.

Communication: Inform your colleagues about how to handle suspicious files.

Check backup logs: Always take warnings like “item may have a virus reported by the virus scanner plug-in” seriously—but don’t panic!
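
Added example (not part of the original post and not Veeam tooling): a Python sketch that pulls the virus-scanner warnings out of two consecutive backup session logs and shows which items were cleared by a release or deletion, which are still blocked, and which are new. The line formats follow the warning quoted earlier in this article; the "Hangar" site, its files and the "constructed other reason" line are constructed sample data.

```python
import re

# Line formats taken from the session log quoted in this article.
SITE_RE = re.compile(r"^Processing site: (\S+) completed with warning:")
ITEM_RE = re.compile(r"^Failed to backup item: (.+?), "
                     r"Item may have a virus reported by the virus scanner plug-in$")

# Constructed sample logs. The first warning is the one from the article; the
# "Hangar" site, its files and the "constructed other reason" line are made up.
RUN_1 = """\
Processing site: https://starshipbuilding.sharepoint.com/sites/Development completed with warning:
Failed to backup item: /sites/starshipbuilding/Shared Documents/DeathStarPlans/UltimateBlueprints, Item may have a virus reported by the virus scanner plug-in
Total count of failed items: 1
Processing site: https://starshipbuilding.sharepoint.com/sites/Hangar completed with warning:
Failed to backup item: /sites/Hangar/Shared Documents/Specs, rev 2.docm, Item may have a virus reported by the virus scanner plug-in
Failed to backup item: /sites/Hangar/Shared Documents/notes.txt, constructed other reason
Total count of failed items: 2
"""
RUN_2 = """\
Processing site: https://starshipbuilding.sharepoint.com/sites/Hangar completed with warning:
Failed to backup item: /sites/Hangar/Shared Documents/Specs, rev 2.docm, Item may have a virus reported by the virus scanner plug-in
Total count of failed items: 1
"""


def blocked_items(log_text):
    """Return {(site_url, item_path)} for items skipped due to a malware verdict."""
    found, site = set(), "unknown site"
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SITE_RE.match(line):
            site = m.group(1)
        elif m := ITEM_RE.match(line):
            # Non-greedy match plus the fixed suffix keeps commas inside paths.
            found.add((site, m.group(1)))
    return found


def compare_runs(previous_log, current_log):
    """Classify blocked items between two consecutive backup runs."""
    prev, cur = blocked_items(previous_log), blocked_items(current_log)
    return {"cleared": sorted(prev - cur),          # released or deleted
            "still_blocked": sorted(prev & cur),    # needs quarantine review
            "newly_blocked": sorted(cur - prev)}    # flagged since last run


if __name__ == "__main__":
    for state, items in compare_runs(RUN_1, RUN_2).items():
        for site, path in items:
            print(f"{state:14} {site}  {path}")
```

Items that stay in "still_blocked" across runs have no backup copy at all, so they are the ones to review in quarantine first.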

Even the best backup admin sometimes just needs the power of regular monitoring—and a little support from Microsoft Defender!

2 comments

kciolek
  • Influencer
  • March 10, 2026

Great article! Thanks for sharing! I love the different pictures!


Chris.Childerhose

Amazing how MS Defender can cause issues.  Thanks for sharing this article as it is very helpful.