The big appeal of cloud-based software such as Office 365 is it automates much of the maintenance that normally falls into the lap of IT—including backups. But although Microsoft’s stalwart productivity suite does a lot of data protection automatically, you shouldn’t put all your eggs in one basket.

Even as many businesses move to the cloud and adopt the Software-as-a-Service (Saas) paradigm, disruption due to data loss is still a risk. In the case of Microsoft Office 365 specifically, it’s important to understand what Microsoft takes care of and where Office 365’s data protection ends so you know when your own backup policies should kick in.

Read the fine print

If you’re using Office 365, you’re likely storing files in either OneDrive or SharePoint or both. If you’ve recently adopted Microsoft Teams for collaboration, the files you upload there are integrated with your SharePoint too. Finally, you’re likely using Microsoft for email, as well, having moved from on-premise Exchange to the cloud.

All these apps offer their own safeguards and retention policies. For example, you can recover deleted email as old as 30 days, while data protection capabilities and retention policies vary from depending on each Office 365 service. They also change often and can be difficult to understand. Most of all they only cover a handful of obvious data loss scenarios with limited recovery windows.

Where data might fall through the cracks

There are many scenarios where Office 365 data retention policies and protection capabilities may not safeguard all your critical information at level you require:

• Migrations: If you’re only just deciding to move off-premise to Office 365, data could be lost in the process, and running a hybrid environment as you make the transition can further raise the risk data loss.
• Deleting a user deletes data: Files, and emails in particular, are often tied to specific employees. While a best practice is to remove employee accounts when a person leaves the company, deleting their access can lead to the destruction of valuable information, and the connection may not be realized until it’s too late to recover it.
• Human error: People sometimes delete files because they think they’re no longer needed, or unknowingly through the wrong click. But if the information isn’t needed again for another six months, often it’s too late for Office 365 retention polices to save it.
• Policy complexity: As already mentioned, retention polices for Office 365 and related services can be difficult to understand, and they evolve over time. You may think certain files are covered by these policies, when in fact they aren’t.
• Security threats: Malware and viruses continue to be the most prevalent external threats to data, as well as hackers and ransomware. Meanwhile, threats can come from within, not only from user carelessness, but also disgruntled employees who may be on the way out.

At first blush, Office 365 data retention policies and data protection capabilities might seem sufficient, but a deeper dive demonstrates that it’s best to back up your files on your terms based on your business’ unique requirements, including compliance and regulatory obligations. Not only does implementing your own backup better minimize the risk of data loss, it also keeps you from spending precious time understanding someone else’s policies or hunting around for hours finding a file that may or not have been backed up, or worse yet, having to recreate it from scratch.

Adding a third-party backup service that integrates with Microsoft applications provides data retention and protection that puts everything in one place for fast and simple recovery, while supporting the productivity gains that come from Office 365 for both business users and IT staff.

Learn more about how BackupSilo uses Veeam technology to replicate all Office 365 data for added peace of mind.