third-party Microsoft 365 cloud backup solutionsĪn attacker intent on doing your company harm might also attempt to gain administrative access to your Microsoft 365 account via phishing, social engineering, or even taking advantage of a vulnerability in the software itself. Malware can even encrypt your files a random number of times so you have to dig all over time and space to find the right version - What a mess. Versioning protects you from typical user errors, but malware may be able to change or encrypt your file more times than the number of versions you store, which would mean you do not have a valid version to restore. I’ve seen plenty of complaints about this online. While 500 versions may sound like a lot, you should know that Microsoft 365 is continually saving versions while you are working on a document. You can check whether or not versioning is currently enabled in your account, and reduce or increase this number as required. SharePoint and OneDrive do offer versioning to protect against accidental mistakes, and Microsoft 365 now enables 500 versions by default. In addition, if malware deletes hundreds or thousands of files, you will be spending quite a lot of time in the recycle bin locating each file and putting it back, a process some refer to as “dumpster diving,” which no one should use as their backup method.Ī third – party backup tool would allow you to easily find and restore as many files as you need, or even restore an entire user or folder to a point in time. And if you don’t notice in time – because the malware is hoping you won’t – you lose the data forever. But what if malware deletes files you don’t use frequently so you won’t notice the deletion? You will only be able to recover them if you notice the deletion within the specified retention period. You just need to locate the deleted item in the recycle bin before it expires (and hope it wasn’t manually emptied by an admin – rogue or otherwise). Microsoft 365 has places where it stores deleted items that allow you to retrieve them for a set period of time. Say, for example, you accidentally delete an email, OneDrive file, or SharePoint item. Why might Microsoft say this, you ask? Because there are more ways to destroy your data, Horatio, than are dreamt of in your philosophy (my apologies to the bard). “We recommend that you regularly backup your content and data that you store on the services or store using third-party apps and services.” Here is what they say in their service agreement for Microsoft 365 ¹ : An app should be protected by something that isn’t the app.Įven Microsoft agrees. It’s like backing up your laptop files to another slice on your local hard drive.
Using Microsoft 365 to protect itself violates every one of these basic data protection steps. Three copies of your data on two different pieces of media, one of which should be offsite. The first reason why Microsoft 365 should be protected by a third party is the age-old concept of the 3-2-1 rule of backups. So, maybe backup is a good thing after all. Even if you feel you are well protected, the restore might be time intensive and quite a bit more work if you don’t have a third-party backup tool. Microsoft 365 offers basic protection to deal with some risks that could damage your data, but there are things it doesn’t protect you from, and there are side effects to some of its optional protection features.
Curtis Preston, Chief Technology Evangelist Why should you back up Microsoft 365?Īs a person who has dedicated their career to backup and recovery, one of the things I find hardest to comprehend is when someone says “X is so good, it doesn’t need to be backed up.” The biggest example lately is proponents of Microsoft 365 (formerly Office 365) that suggest that it “performs backups” for you, which simply isn’t true.