M365 Backup: Why is it imperative to protect Microsoft Office 365?

  • 30 September 2022

Userlevel 7
Badge +9

Microsoft 365 formerly referred to as Office 365 is a SaaS application that provides productivity and collaboration through a diverse set of micro-services and applications such as Exchange Online, SharePoint Online, Skype for Business Online, Microsoft Teams, Exchange Online Protection, Office in a browser, and many others. Microsoft recently made a distinction between M365 and O365. Therefore, M365 is a bundle of services that includes O365, and many other services as mentioned previously. I will be discussing these details in a subsequent guide. Here are some related guides that might interest you: How to Cancel Office 365 Family Subscription, how to complete Microsoft Office 365 Family Subscription, how to install Microsoft Teams on a Mac PC, and how to install and activate Office 2019 on your Mac PC.

As of today, data is the most critical resources and one of the most valuable currency in the world. In Cyber Security, we refer to data as the New Oil. This Forbes link will highlight more on this. Now that we are aware how important our data is, adequately protecting our data is paramount in effectively managing and maximising its potentials. Your data is your biggest asset and it must be protected.Here is another helpful guide: Remove Office license file: How do you change the account that Office says it belongs to on a Mac.

I believe you are here because of the following questions below. Below are the questions frequently asked. As we dive more into this topic, every of these questions will be answered.
        •        Does Microsoft back up my data?
        •        Is this really my company’s responsibility?
        •        What is Microsoft responsible for?

In M365, the two technologies that help in securing backup are Replication and Backup. Microsoft performs replication on your data. As we have discussed, this isn’t enough! You have to perform data Backup in order to comply with retention policy and protect against accidental deletion. A separate copy of your data on a separate media anywhere of your choice in the cloud or on-premise will help protect your asset (data).

Should I Backup My Microsoft 365 data?

This is a vital and disputable topic. This question has been asked on various platforms such as Microsoft Forums, and was answered by a Microsoft MVP with an affirmative “Yes”. as shown in the image below for some of his arguments.


src: microsoft

In this article, I will describe why it is important to protect M365. Before diving into these details, let’s dispel the myths surrounding protecting Microsoft 365.


Microsoft 365 Data Loss Prevention: A disgruntled administrator or an attacker can delete your data in Microsoft 365. Also, Microsoft has a Data Handling Standard policy for Microsoft 365 that specifies how long customer data is retained after deletion. Regardless of the scenario, the retention period is very short. Having an Enterprise modern data protection in place is imperative for protecting Microsoft 365 data. Backup and recovery solutions help capture a point-in-time copy of a file, database, etc. This means that any data that are deleted accidentally can easily be recovered, but it also means that files are protected against ransomware attacks!

If you do not have a backup in place and this retention period is exceeded (elapses), the data is rendered commercially unrecoverable. I am sure this is not what you want. For compliance reason, you also do not want this to happen.

Furthermore, Microsoft doesn’t provide a native backup for Microsoft Office 365. As described in the above mentioned link, the default retention periods protects data for period of 30-180 days on average. This can lead to a lot of non-compliance with data retention regulation and can result in huge fines.

Regulatory Compliance: Regulatory compliance, internal governance requirements, or litigation risks require organizations to preserve email and associated data in a discoverable form. All data in the system must be discoverable and none of it can be destroyed or altered. The industry-standard term for this is “immutability.”

When you do not comply with the above regulations, there will be tremendous financial impact, regulatory fines, litigation expenses, security expenses, stock value loss, brand value loss, reputational damage, and customer turnover. Combined, the cost of data loss can run into millions of dollars, placing a burden on organisations and impacting their business.

Protection against Cyber threats and Ransomeware attack: We are all aware that Ransomeware is a disaster and causes roughly two million US dollars per incident. Recent report has found that threats in Microsoft 365 have grown by 63% over the past years. Additionally, ransomware was the most common reason behind their incident response engagements. With the risk of attack on the rise, it’s crucial that you have a strong backup and recovery solution in place to secure your data in the event of a breach.

With this in mind, Secure backup is your last line of defence against Ransomeware attack! Therefore, protect your data by reducing the risk of compromise with a comprehensive data security today.


Furthermore, you may want to use Microsoft Purview to help protect your organisation against some of these insider risks. Microsoft 365 risk prevention features are designed and built-in to our insider risk products and solutions. These solutions work together and use advanced service and 3rd-party indicators to help you quickly identify, triage, and act on risk activity.

If you decide to drill down on the different aspects / responsibilities associated with your M365 account, it becomes evident on what the end user controls such as data and configuration, thus becoming responsible for any mistakes via administration (management). In the end, it is you DATA and and it is your sole responsibility for protecting it.

Having discussed the above points, there is a real and urgent need to protect your O365 workload. And the right solution for this is Veeam back for Microsoft 365. There are a lot of other back solutions, but from my rigorous tests, I would recommend you use VBO365 v6 which is the present version at the time of writing this guide.

In addition to protecting your Microsoft 365 data and services with backup solutions, it is crucial to defending against cyberattacks and guarding against data loss. Ensure a good data protection strategy for Microsoft 365 is in place. Also employ Microsoft 365 Defender, this is a comprehensive security suite designed to provide pre- and postbreach protection and insights. Lasting, in order to prevent against credential stuffing, ensure Multi-Factor Authentication (MFA) is enabled.

Here is the link to the original post. I will be creating a new guide on why you should use Veeam Backup and not other competitors.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.


Userlevel 7
Badge +9

Noticed one or two errors! Unfortunately, I cannot edit it anymore… ✍️ I will do justice to the main blogpost! 

Userlevel 7
Badge +9

Below is a graphical image of your responsibilities using Microsoft 365

Since I cannot update this post, I will be adding the link to the original post: https://techdirectarchive.com/2022/09/30/m365-backup-why-is-it-imperative-to-protect-microsoft-office-365/

Userlevel 7
Badge +17

You cannot edit your post in this thread? As a Legend you should be able to edit all of your posts…

Perhaps @Madi.Cristil  can help with this….

Userlevel 7
Badge +9

You cannot edit your post in this thread? As a Legend you should be able to edit all of your posts…

Perhaps @Madi.Cristil  can help with this….

Thanks @JMeixner and @Madi.Cristil for this!

Userlevel 7
Badge +2

Thank you for the sharing @Iams3le .
Indeed, the responsibility for data integrity and protection lies with the customer, not the cloud service provider.

Userlevel 7
Badge +9

nice article, thx for sharing @Iams3le  😍