5 Microsoft 365 Backup and Recovery Myths
It’s not uncommon to think that Microsoft 365 backup is automatically protected. While Microsoft may host the infrastructure, it doesn’t necessarily include comprehensive data protection or disaster recovery.
In fact, what Microsoft provides doesn’t meet the levels of data protection needed to satisfy today’s stringent data protection, disaster recovery or cyber security requirements.
Data can be lost or damaged based on a number of unforeseen situations, including accidental deletions, changes and malicious activities like viruses and ransomware, and navigating these challenges can be tough without a Microsoft 365 support partner.
Here are five of the most common Microsoft 365 backup and recovery myths:
Myth #1: My Data in Azure Cloud Is Always Available, So I Don’t Have to Back it Up
The Azure cloud is a large, distributed physical data center and is subject to all the same challenges as your own data center.
For instance, on May 2, 2019, customers experienced connectivity issues with Microsoft cloud services including Azure, Microsoft 365, Dynamics 365 and Azure DevOps for three hours. The outage was caused by a failed DNS change implemented by Microsoft themselves.
SharePoint and OneDrive offer some backup capabilities to protect against accidents, but what happens when these systems aren’t available? IT organizations need complete access and control of their data at any point in time.
Performing regular backups allows you to restore business-critical data to another location, including on-premises, to reduce the risk of business downtime that negatively affects your revenue stream, reputation and company productivity.
Myth #2: My Microsoft 365 Data Is Protected Against Human Error
Have you ever accidentally deleted an email, OneDrive file or SharePoint item? These are the most common causes of data loss in a Microsoft 365 environment.
Microsoft 365 Geo-replication has a domino effect on data deletion, causing the deletion of all replicated data. Even IT administrators have occasionally made serious errors, sometimes removing entire data volumes by mistake. By performing regular backups, you can recover lost or damaged data.
Myth #3: Microsoft 365 Is a SaaS Product: The Data Protection and Security Is Built-In
Your Microsoft 365 data isn’t automatically safe against cybercrime. Here are some of the ways criminals can access your data:
- Ransomware/malware infects your device and deletes or encrypts files.
- Microsoft 365 account is hacked via phishing.
- A criminal can impersonate a Microsoft 365 administrator by having an Access key, Secret Access key and domain.
- Unpatched and undiscovered Microsoft 365 vulnerabilities are always possible.
- The OAuth2 protocol can be used to gain programmatic access via Azure AD and there are vulnerabilities in OAuth2 itself.
No software is 100 percent safe from security vulnerabilities, and without a true backup and recovery solution, companies using Microsoft 365 without proper data backup protocols are at great risk.
Myth #4: The Microsoft 365 Retention Policy and Version Control Fully Protect My Data
While Microsoft 365 offers a data retention policy where documents can be retained for 93 days and emails for 14 days, this isn’t the long-term data retention required by most compliance regulations.
Retention policies do not protect files if they are maliciously or accidentally changed or deleted, and they don’t deliver a 3-2-1 backup strategy (having multiple copies of data on separate devices and in different locations.)
Another important thing to note is there is no point in time recovery, or replication copy. If you unintentionally corrupt a mailbox or item in production, you corrupt it in the retention archive folder, too.
Microsoft offers a versioning capability for OneDrive and SharePoint, and while versioning can recover an older file version if the current file is lost or damaged, it’s not the kind of backup and recovery that protects the most current version. A large amount of work could be lost (that was created after the last version) recovering an older version of a file.
Malware could find its way to all the versions and delete or damage them all. In a worst-case scenario, if you lose OneDrive, you lose all the versions since all copies aren’t kept off site and independent.
Performing a backup is a significantly better approach to data protection and recovery. Having multiple copies of your backups on different devices and locations is your best defense against malicious attacks.
Myth #5: Microsoft Offers High Availability for Exchange Online Through Data Availability Groups (DAG), So I Don’t Need to Back Up
Every mailbox database in Microsoft 365 is hosted in a database availability group (DAG) and replicated to geographically separate data centers within the same region. However, in all cases, every mailbox database has four copies that are distributed across multiple data centers to ensure that mailbox data is protected from software, hardware and even data center failures.
Out of these four copies, three of them are classified as highly available. The fourth copy is configured as a lagged database copy.
While DAGs are a very good disaster recovery mechanism, it’s not meant for typical backup and restoration where you may need to recover an individual mailbox, email or attachment. The lagged database copy can only be prevented from syncing up to every 14 days, so any accidental or malicious changes or deletions are applied to even the lagged database.
According to Microsoft itself, “DAGs are not intended for individual mailbox recovery or mailbox item recovery. Its purpose is to provide a recovery mechanism for the rare event of system-wide, catastrophic logical corruption.”
Microsoft 365 Backup Experts
Data loss due to human error, ransomware or malware attacks, or a wide range of IT disasters can negatively impact your company’s productivity, your customers and your business reputation.