Protecting your data against file corruption , data loss, and malicious intent is a top priority for Microsoft, and an integral part of the Office 365 service. Our approach to data protection goes beyond high availability and disaster recovery scenarios. Resiliency and recoverability are built into the service.


Even if a traditional backup solution provides recovery options to address file corruption, deletion, and malicious attacks, it won’t necessarily help you recover quickly from such incidents. Research shows that it can take months to detect the presence of an attacker an organization’s network. Given this, a backup and restore solution could be a potential area of attack, and could further broaden the scope of attack into your disaster recovery environment. Additionally, all backup data would need to be throuroughly cleansed before it could be leveraged as a viable restore option. Gartner predicts that by 2020, 30% of organizations targeted by major cyberattacks will spend more than two months cleansing backup systems and data, resulting in delayed recoveries.[i]


With this in mind, Office 365 has moved beyond the backup and restore solutions that were first established in on-premises environments. Microsoft invests deeply in providing a holistic in-place solution that both keeps multiple copies of your data across multiple locations, and enables you to develop upfront policies for prevention and detection. These policies can be enforced manually and automatically at multiple levels of granularity, including via intelligent location-based classification, patterns, or sensitive types of content.


In addition to the inherent versioning and recycling capabilities provided by applications like Exchange, SharePoint, and OneDrive, Office 365 provides comprehensive solutions to help keep your data safe from both human error as well as malicious attacks:

  • Data Loss Prevention helps customers to identify, monitor and protect sensitive data through deep content analysis.
  • Exchange Online Protection provides robust email protection against spam, known viruses and malware.
  • Advanced Threat Protection extends Exchange Online Protection by safeguarding your Office 365 environment (email, Word, Excel, Powerpoint, SharePoint, OneDrive, and Teams) from today’s most sophisticated unknown threats leveraging behavioral analysis and machine learning techniques to mitigate malicious content. ATP also provides real time, time-of-click protection against malicious URLs, and rich reporting and tracking capabilities, so you can gain critical insights into who is being targeted in your organization and the category, volume, and frequency of attacks you are facing.
  • Threat Intelligence provides interactive tools to analyze prevalence and severity of threats in near real-time, real-time and customizable threat alert notifications, and remediation capabilities for suspicious content.
  • Auditing helps monitor and investigate actions taken on your data, intelligently identify risks, contain and respond to threats, and protect valuable intellectual property.
  • Advanced Data Governance provides smart policy recommendations and automatic data classifications that allow you to take actions on data- such as retention and deletion -throughout its lifecycle. Built-in and custom alerts help you identify data governance risks like unusual volumes of file deletion.

The multiple built-in security capabilities of Office 365 in combination with the above services and controls help ensure your data is protected in-place and incidents like file corruption, deletion, and malicious intent are minimized at all times.


More information:


[i] From Gartner Foundational Research: Prepare for and Respond to a Business Disruption After an Aggressive Cyberattack, ID: G00275607


Excellent article. I particularly found the link about data resiliency interesting. However, I question whether it is really "beyond backup". 


If someone came to me and said "I just looked at the ABC SharePoint site and Document Library XYZ is gone. I know it was there last March. Can you restore it for me?" I wouldn't know what to do, even if it was within the period set in the retention policy. With a conventional backup I would have someone get the backup tape from last March, mount it, select the folder, and click restore.


All the threat protections are great, and necessary, but we still need to easily do some of the simple things we can in our on-premises environment.

Great article and excellent resume @Wim Coorevits !

Super Contributor

Thanks for the great article


Thanks for the kind feedback!


@John Twohig, thanks for sharing your scenario. In this situation, with the retention policy configured, individual items that were deleted would have landed in the Preservation Hold library for the period you have configured on the retention policy. The Preservation Hold library keeps track of the original location of the document as well as its metadata so you'd be able to filter on those from the XYZ library and copy them to the location of your choice.


The article Overview of retention policies has more details on the behavior of retention policies for SharePoint, OneDrive and Exchange.  




There are certainly lots of files in the Preservation Hold Library but they are very difficult to get at. Two keys to any backup solution is the ease and speed of recovery and I don't see it here. The Overview of retention policies is long and has lots of very useful information but I don't see one word on how to make use of the information that has been retained. In all my searching I have found lots of information about retention but nothing on how to access the preserved data efficiently. 


However, having said that, we had a case where an employee left and came back several months later. He requested the contents of his old mailbox which had been deleted. The mailbox was within our retention period and we were able to get his old information and merge it to his new mailbox. It worked like a charm! It was quick, easy, and accurate. 


If there was a similar process for retained SharePoint and OneDrive for Business files I might agree that it is "beyond backup".


Thanks for your article and comments.

Trusted Contributor

Great post, good observations about the different mindset from on-prem to cloud and how things change. Customers can still get rattled with losing the controls they had before and not having an equivalent safety net.  Say what you will about on-prem backups but they are tangible and generally understood, going back many years if needed.  This is when some customers may look at third-party solutions and there are many options out there that can fill a perceived gap.  Also, of course, different companies may have industry-specific requirements for very stringent compliance requirements.  


For many though, if not most, we can just benefit from taking advantage of these enlightened services that take most of these concerns away.  I like that Microsoft gives us options as well, for example, the upcoming self-service OneDrive File Restore service looks great and is pitched as a remedy for major data loss scenarios.

Occasional Contributor

I am with @John Twohig on this one. The retention hold is a great tool but it requires quite a bit of knowledge to setup correctly and to be able to find and restore content.


One of the many strong points of the many 3rd-party backup solution out there is the ease of use. Many organization that we work with do not have an in-house Office 365 admin / expert (it really doesn't make sense for an organization with a dozens or even a few hundreds employees) with deep knowledge of the platform. Having access to an interface where backups are easily configured and files restored when needed if a major selling point.


I am really interested in seeing Microsoft integration more backup / recovery options into Office 365 but I am not yet ready to say it is an all inclusive solution.