rolffimages - Fotolia


Tricks and tools to prevent data loss in Office 365

IT admins who skip disaster recovery or data loss prevention steps when moving to Office 365 put themselves -- and their company's data -- at risk.

The shift to a cloud platform like Office 365 enables admins to focus on managing apps and capabilities of the...

online service, instead of wrestling with day-to-day tasks. This doesn't mean that IT teams can ignore the possibility of data loss in Office 365.

While there is a sense of security that comes with a cloud service, organizations need to develop their own data retention plans for some Office 365 features.

Businesses rely on their email systems to stay in touch with employees, clients and suppliers. SharePoint remains an integral component for enterprise content management in many organizations. Companies that shift these workloads -- and their data -- to Microsoft's cloud platform should be aware that email and content stored in SharePoint or OneDrive are not, by default, protected against accidental or intentional deletions.

With a move to Office 365, some in IT have abandoned disaster recovery (DR) and business continuity plans (BCP) that were required to recover on-premises email and SharePoint platforms. IT teams only need redundant connectivity to the cloud and must trust that Microsoft's infrastructure, data centers and systems will provide necessary data protection from hardware and software failures.

In Exchange Online, IT teams can only restore an entire mailbox within 30 days after deletion; after that point, they can ask Microsoft for an additional 14 days for a 44-day window of data recovery. SharePoint and OneDrive face similar challenges, as they do not offer easy or efficient ways to restore site collections or lists that have been deleted and removed from the recycle bin.

Filling Office 365's DR and BCP gaps

Many companies have gaps in their DR plans; an inability to restore data from a specific point of time can lead to risks. While Microsoft offers service-level agreements of 99.9%, Office 365 has limited capabilities around backups -- even though some suggest that on-hold features and retention or preservation policies can prevent data loss in Office 365. These options, however, are limited and do not offer easy ways to recover or restore data.

There are several tools on the market – based both in the cloud and on premises -- for Office 365 data protection and DR, including SkyKick, Datto, Spanning and AvePoint. These tools offer automated backup of emails, calendars, OneDrive and, in some cases, SharePoint site collections -- without the need for any on-premises infrastructure.

Many of the third-party tools can help IT address some of their backup needs around the Office 365 workloads -- email, SharePoint and OneDrive. Admins can be confident that some of their digital assets are protected and that their DR plans are complete. But, in reality, as more users expand into other Office 365 services -- such as Planner, Office Groups, PowerApps and Flow -- Microsoft or other third-party tools need to play catch-up to protect data stored in those services. Currently, those services don't offer any backup methods.

When evaluating Office 365, plan for Office 365 backups and implement them immediately after going live. Skipping that step would lead to serious risks and an incomplete DR plan. Those organizations that make the switch without the use of backup services put themselves at risk for data loss in Office 365.

Next Steps

Keep Office 365 secure and protected with these tools

Guide to backups for Exchange Server and Office 365

Before a move to Office 365, get familiar with the differences

Dig Deeper on Office 365 and Microsoft SaaS setup and management