Do you think that Microsoft backs up your data in Microsoft / Office 365? Do you think that “because it’s in the cloud”, you don’t need to worry about backup?
If so, you’re not alone, many IT Pros have the same idea. Turns out that’s not true, and this article will cover what Microsoft is responsible for and what you’re responsible for so that you can make informed decisions about Office 365 backup for your business.
The Threats
There are many threats to Office 365 to consider (whether there’s a pandemic on or not) for example authentication issues. There have been several high-profile outages where Azure Active Directory (AAD), the directory behind Office 365, has had problems logging people in. In these situations, it doesn’t help that Exchange and SharePoint online are actually available – your users can’t login to them. Another type of incident is where Multi Factor Authentication (MFA) is unavailable, ironically the strongest security recommendation from Microsoft for protecting user identity, and if you’ve enforced MFA for all your users (and administrators) and it’s not working – again no one can login. There have also been outages due to expired certificates, network name resolution (DNS) issues and of course you may also have situation where your internet connection / ISP has failed and is preventing users from accessing Office 365.
Office 365 Service Health
It’s important that you do a Business Impact Analysis (BIA) for your particular situation – if Office 365 is unavailable, can our business continue to operate? For how long, using what mitigations? Sit down with the business and work out Recovery Point Objectives (RPO), Recovery Time Objectives (RTO) and do a Threat and Risk analysis for the business. RPO establishes how much data loss is acceptable for different applications and services, for example, if the answer for Office 365 is eight hours, you’ll need to back up your data more frequently than that. RTO establishes how long it should take to restore service after an outage.
What Microsoft does do
For your Exchange Online mailboxes and public folders Microsoft keeps four copies of this data, on four different servers, in at least two separate datacenters (in some countries four datacenters). One of these copies is lagged – deliberately kept seven days behind the other three copies so that corruption in the database can be recovered from. This is called Native data protection and is also available in Exchange Server on premises through a technology called Database Availability Groups (DAG).
SharePoint and OneDrive for Business similarly have several copies of your data spread across multiple datacenters. Microsoft Teams stores its files in SharePoint and conversations are stored in Exchange Online, thus providing the same data protection as those services.
Furthermore, if a user deletes an email (or other Outlook item), it’s put in the Deleted Items folder, if that’s emptied or the user shift deletes the item (bypassing the Deleted Items folder), it’s put in a hidden Recoverable items folder for 14 days by default (administrators can increase this time up to 30 days). Users can recover items using the Recover Deleted Items feature in Outlook as long as the time hasn’t expired. Even if a user purges the items our of the Recoverable items folder (called a hard delete), an administrator can recover the items, as long as the deleted items period hasn’t expired.
In SharePoint Online items are stored in the Recycle Bin for up to 93 days where users can recover them themselves. If they are purged from the Recycle Bin, an administrator can recover them, provided the 93 days aren’t up.
SharePoint Recycle Bin
Some administrators use In-Place hold (being deprecated) and Litigation Hold (the newer feature) as a replacement for backup. This will ensure that no Outlook items are deleted from the mailboxes permanently as the intended usage of this feature is to ensure that staff that are under investigation cannot delete incriminating evidence. But this “backup” has a horrible user interface – the only way to recover data is by running eDiscovery searches to recover deleted items, hardly user friendly and definitely not something end users can do themselves. This also only works for mailboxes in Exchange Online, there’s no equivalent feature for SharePoint / OneDrive for Business.
However, all these data protection features only protect the data that’s there right now from loss, it doesn’t provide a true backup where you can go back in time, nor does it provide storage of your data outside of Office 365. Contrast this with your data protection approach when you had Exchange and SharePoint servers on-premises (maybe you’re in a hybrid deployment and still do), where you’re probably following the 3-2-1 rule and storing three copies of your data, on two different media with one of those copies in an offline location.
You need to understand your company policy, any relevant regulation you operate under and the needs of the business to make sure you have the right solution in place. Very often this will require more than what Microsoft is providing and thus a third-party backup solution is needed.
If you wanted to summarize the Office 365 approach to data protection it’s geo-replication, not backup. Corrupt data, or encrypted data from a ransomware attack, in one location will be dutifully replicated to the other locations and the only protection against this is a separate backup of the data.
How to Backup Office 365
A good backup solution for Office 365 (like Altaro Office 365 Backup) should be cloud based and give you control over your data. Depending on the RPO / RTO along with the BIA you’ve worked out with the business other mitigations may include the deployment of an Exchange server / SharePoint server (or several) on-premises in a hybrid fashion, where you can load backup data if there’s a prolonged Office 365 outage.
Altaro Office 365 Alerts
Don’t forget to take into account your identity backend, many businesses use Active Directory on-premises and rely on AAD Connect to keep on-premises accounts synchronized to Azure AD. What happens if your internet connection is down depends on which authentication method you’ve picked – if you’re using Password Hash Sync (PHS) users will still be able to authenticate to AAD and access Office 365 (outside of the office -if your corporate internet connection is down), whereas if you’re using Pass-through Authentication (PTA) or Federated authentication users will not be able to authenticate.
Your backup solution should also provide an easy to use interface to find and restore individual items from a mailbox / SharePoint / OneDrive as well as entire folders, and (depending on your business needs) user self-service.
Ultimately it comes down to control – based on business needs – can you perform restores the way you need, ensure business continuity in the face of different disasters and be in control when disaster strikes? Only a well-rehearsed and practiced approach, based on a sound strategy for Office 365 Backup, with the right tools, will ensure that you have that control when some form of disaster hits.