BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Some Office 365 adopters assume a move to Microsoft's cloud comes with automatic data protection. But administrators must prepare backups or find out the hard way when messages and other important material are lost -- with no chance of recovery.
Microsoft protects files against breaches, hardware failures and data center disasters. But don't expect the company to cover everything, at least not by default. To date, Microsoft has no backup offering for Office 365. Admins can apply an In-Place Hold to retain and recover mailboxes, but Microsoft only includes retention and preservation policies in its enterprise plans. Organizations that don't subscribe to the enterprise plans still rely on the SharePoint and OneDrive services, however, and can't afford to lose those documents. Administrators must develop an Office 365 backup policy to ensure corporate data is safe.
How assumptions cause problems
A North Carolina manufacturing plant recently discovered how an absent Office 365 backup policy will disrupt the business.
Eight months after the company moved to Office 365, an accounting manager asked IT to retrieve the mailbox of a former employee to review the messages with a particular client. The manager saw major gaps in dates between email messages and noticed the log of sent items went back just a few months. The manager contacted the IT admin, who did not know how to recover the missing messages. After talking to Microsoft support, the admin learned Exchange Online purges deleted email messages older than 44 days unless there is an In-Place Hold on the mailbox.
IT must understand what Microsoft provides -- and just as importantly, what it doesn't provide -- for backup. Administrators cannot assume that Office 365 protects all data automatically. IT can restore a deleted mailbox within 30 days. After that time, Microsoft can recover it within 14 days. Once that window passes, the mailbox disappears.
Take steps to defend and retrieve data
The move to Office 365 intimidates many administrators: They must set up everything from Active Directory to new security policies for the collaboration platform. But don't leave a comprehensive Office 365 backup policy off this long to-do list.
Use these actions to develop an Office 365 backup policy that ensures IT can protect and recover important files and messages:
- Define your data governance plan with specifics around retention policies and data archives.
- Check with compliance on regulatory requirements for data retention.
- Identify the workloads to protect. Include business content in SharePoint and OneDrive -- not just email messages.
- Compare the features in Office 365 backup providers, such as Veeam, Backupify, CloudAlly and Metalogix.
- Test backup procedures on one -- or all -- users and against the various services. This helps determine if the offering performs as expected.
- Set up notifications in Office 365 when major deletions of files and email messages occur.
- Add alerts for Office 365 backups.
- Perform restore drills for protected workloads.
Some companies prevent email deletion, while others subscribe to third-party archives to journal email messages and keep copies of other data. Microsoft enables easy access to providers for these backup offerings.
A guide for administrators moving to Office 365
Be aware of these Office 365 limitations
Backup tools to consider for Office 365