Why you should back up your Microsoft 365

November 10, 2021

Many businesses are adopting Microsoft 365, but what they don’t realise is that there are limitations to its default data-retention policies. In other words, Microsoft doesn’t fully back up your data.

Microsoft’s primary focus is on managing the infrastructure and maintaining uptime for you as a user. They empower the user with the responsibility of protecting their data, identities and devices. It’s a shared responsibility.

There is a common misunderstanding between Microsoft’s perceived responsibility and the user’s actual responsibility of protection and long-term retention of their data. The backup and recoverability that Microsoft provides and what users assume they are getting are often different.

Microsoft 365 offers geo redundancy, which is often mistaken for backup. Backup takes place when a historical copy of data is made and then stored in another location. Geo redundancy, on the other hand, protects against site or hardware failure, such as an infrastructure crash or outage, allowing users to remain productive.

Without a data protection solution for Microsoft 365, you may find yourself in an unpleasant situation where vital material has been deleted. And without backup, even the most skilled Managed Service Provider will not be able to recover your data. 

By using an additional Microsoft 365 backup solution, you can:

  1. Comply with laws and regulations.
  2. Prevent data loss and corruption.
  3. Avoid the expense of downtime in case of disaster.

You may still be wondering why you need to back up Microsoft 365 when you have the recycle bin. Consider, then, that the average length of time from data compromise to discovery is over 140 days. That’s a large gap! The likelihood is high that you won’t notice something is missing or gone until it’s too late for the recycle bin.

The following key risks associated with Microsoft 365 will leave you convinced that if you want to be compliant and quickly restore information, the basic protection provided by Microsoft 365 is not enough.

Risks associated with Microsoft Office 365


Accidental or malicious/intentional deletion

Deleting Microsoft 365 accounts is quite a standard procedure in companies for multiple reasons, for example to save money on licences when an employee leaves, to migrate data to another account or data management suite, or because of accidental or malicious/intentional account deletion. But regardless of the reason, one thing is for certain: the account data will be erased forever. Microsoft addresses this possibility in their services agreement and recommends that users regularly back up their data if they want to access it after account deletion.

Retention policy gaps with ex-employees

Microsoft 365 has limited backup and retention policies that can only fend off situational data loss and are not intended to be an all-encompassing backup solution. It has a limited standard retention policy of 30 days. However, most businesses need to be able to access data from much further back to meet compliance and business requirements. Using a third-party backup solution means there are no retention policy gaps or restore inflexibility.

Whether you need short-term backups or long-term archives, granular or point-in-time restores, additional backup will make data recovery fast, easy and reliable.

Unfulfilled legal and compliance requirements

Microsoft’s standard retention periods alone may not be enough to meet compliance requirements. There are a couple of safety nets built in (litigation hold and retention), but these are not a robust backup solution that will keep your company out of potential legal trouble. For example, you may need to recover important emails or documents that have been accidentally deleted.

Legal requirements, compliance requirements and access regulations vary between industries and countries. Having a third-party backup and archiving solution for Microsoft 365 means you will be able to set your own retention policies, protecting your business from costly fines and reputational damage.

External security threats: malware and viruses

Malware and viruses, like ransomware, continue to cause serious damage to organisations across the globe. Not only is your company reputation at risk, but the privacy and security of internal and customer data, too. External threats can sneak in through emails and attachments, and whilst educating users on what to look out for is key, it’s not always enough — especially when the infected messages seem so compelling. Microsoft 365’s limited backup/recovery functions are inadequate to handle serious attacks. To enhance the protection of your company’s data, you must implement regular backups to help ensure a separate copy of your data is uninfected and that you can recover quickly.


By now you probably have a good understanding of why it’s so important to back up your Microsoft 365 data. But you may also be wondering to what extent these data protection vulnerabilities happen. Alarming research shows that even though sensitive cloud data is stored in Microsoft 365 documents and programmes, a large proportion of it is not backed up. When over 1,000 IT professionals were asked about data loss experienced in the cloud, these were the results:

*Veeam customer survey, September 2019


If you’re already using Microsoft 365, or thinking about making the move to the Cloud, the next step is to ensure you’re deploying a backup solution additional to the limited protection included with Microsoft 365 – one that offers you complete access and control of your data to avoid unnecessary risks and data loss.

As a trusted IT Managed Services Provider, Quintech can advise you on the best solution to ensure recoverability and retention of your data.

Get in touch with us today for more information.