Help - Office 365 Backup Policy

Brass Contributor

Can someone please point me to the official O365 backup policy(link/document). I'm interested to know the backup policy for SharePoint sites and OneDrive on Office 365.

42 Replies
This is not something that is published publicly.
If you have a look on the Office 365 Trust Center they talk about service continuity and preventing data loss, but their responsibility is only to ensure that the service is operation and data is accessible - not responsible for the backup of individual customer sites/libraries/files.

I see a lot of references on the internet to the folllwing statement:

"Microsoft takes backups of site collections every 12 hours and keeps these backups for 14 days"

Is there any truth in this ?

 

Reference: https://techcommunity.microsoft.com/t5/Office-365/Back-up-tools-for-Office-365/td-p/3084

Hi Dominic,

 

Like Loryan said you can see the trust center.

 

I advice to have at least E3 licences and use Preservation Policy - https://support.office.com/en-us/article/Overview-of-preservation-policies-9c3b1d52-40ce-4ba3-a520-9...

We're just going to have to believe them. :)

Don't use preservation policies as they a SharePoint-only option (still existing, still active, but the wrong choice). The long-term solution for retention of information inside Office 365 is in the new data governance framework where you can create retention policies that apply across more than just SharePoint and classification labels that dictate precisely what happens to information when a retention period expires. See https://www.petri.com/office-365-data-governance for more.

Yes, I agree with Tony.

 

Has you can read the Tony article it explains the best way to acomplish your goal and move to a integrated solution.

 

Here how to implement https://support.office.com/en-us/article/Data-governance-in-the-Office-365-Security-Compliance-Cente...

What relevance does a PST-based backup tool have to a discussion about backing up documents from SharePoint and OneDrive?  Why would anyone use an insecure, prone to failure file format to backup information in such a way that it instantly breaks any notion of compliance?  Unless of course this is a thinly-veiled attempt to sell the product... Which it is... and it doesn't work. PST-based backup products are bad. End of story.

Once more to make the same comment...

Why would anyone consider it a a good idea to backup Office 365 data to PSTs? It is a horrible, brain-dead suggestion. All you do is dump data out into an insecure format that is well known for its ability to corrupt information. Does that seem like the right kind of backup strategy?

I got this link explaining about Office 365 Backup & Recovery Policy. You may also have a look

--https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies

 

Hope this will help you!!!

Would anyone really take a document purporting to the the ultimate guide to Office 365 backup seriously when the text is so horribly written? https://www.systoolsgroup.com/updates/backup-recovery-policy-office-365/

 

"Now days, Microsoft Office 365 is the most popular business productivity suite. Around 23 million users are using Office 365 application across the globe. With the help of Office 365 suite, users can work online, share many files or spreadsheets, work from their home or mobile devices. It is the perfect Cloud solution for any business."

 

The official number for monthly active Office 365 users is 135 million, not "around 23 million." This document is no more than a thinly-disguised attempt to make people believe that they need Office 365 backups. In most case, they don't.

 

I'm curious why you think companies don't need backup for Office 365?  Built-in tools handle things like accidentally delete emails and files, but don't handle things like:
- accidentally or maliciously purging recycled/deleted items.

- well meaning admin deleting or purging things they weren't supposed to 

- malicious person gaining unauthorized access to an admin account

- massive ransomware attack that encrypts files stored in Office365

 

The built in tools are not built to handle these situations.

It might be a true statement to say that most companies will not experience these things, but that's also true of traditional IT and disasters.  Yet will still have a DR plan, even though the vast majority of companies will never fire their DR plan in anger.

So why do you believe companies don't need to backup Office 365?

Microsoft do take backups of sharepoint repositories and if I remember it correctly has backups 14 days back! Regarding encrypted files there is now onedrive restore which functions as a snapshot like service 30 days back! This will soon be available for team sites as well!
There can be a lot of discussions about this subject! There’s cloud to cloud backups which I support more than cloud to on-premises backup solution but overall office 365 contains a lot of security features to protect against abnormal usage and preventing access to people who shouldn’t have access! Keeping your admins to minimum and always use MFA
Is more than recommended! There are features of putting important document on hold! Putting data on-premises both defeats the purpose of the cloud and also puts data at more risk for breach

Agreed on the on-premises comments.  (Disclaimer: I work for a cloud-to-cloud backup company.  But, FWIW, I've specialized in backups for 25 years and always been a fan of cloud-based backup.)

 

My concern about the built-in Sharepoint backup is that restore is all or nothing, AND it's only the last 14 days. I'm also not sure what the SLA is there (RTOs RPOs).  It seems very similar to the built-in Salesforce backup that Salesforce will tell you is an absolute last resort.  From a backup perspective restoring your entire environment because a part of it is damaged has never been a good idea.

 

The Onedrive restore features handles the last 30 days. If the thing you're trying to fix is over 30 days old, you're out of luck. 

Yeah! You have to put things into perspective and think about it really! In some situations I guess that’s a good option doing a cloud to cloud backup! But most scenarios I don’t really think so! You have the 2 step recycle bin for for files, versioning for content within files and restore for the library in case of disaster or a night out coming home and doing some work! Last resort the MS backup!
Very important document could be set on hold Or set as record
Together with good security measures this will do well enough for most people

Adam

"for most people" is the key phrase there. Most people don't get ransomware.  (But it happens every day.) Most people don't have a hacker gain access to a privileged account. (But it happens every day.) So most people won't end up really needing something outside what MS give them.

 

 

BUT if your company DOES have one of these things happen to them, you're out of luck if you don't have a third-party backup of your O365 data.

 

 

That's why I think it's irresponsible to say that you don't third party backup of any computing service.

I get your point, but I’m not saying no one needs this as I told you there are use cases! Some of your scenarios I believe I covered! We can go very far into our discussions on what a hacker has the possibilities of doing and there are always one step further securing the data! I’m not saying there is something wrong with doing a cloud - cloud backup but I still believe in saying this is overkill for many 365 customers!

 

IMO it's only overkill if you don't care about your company's data stored in Office365.  If a company is prepared to take the risk of losing everything stored there, then sure.  They don't need 3rd party backup. Short of that, I can't think of a single use case where it's overkill.


That's my story and I'm sticking to it. 

In what universe does it make sense to extract email data from a cloud service and save them to a PST?

 

Apart from needing to do this to provide the results of an eDiscovery search to investigators, I can't see any reason to encourage people to save email to a workstation. All this does is create a horrible security issue like the one experienced by Sony when hackers cracked their network and retrieved sensitive email stored inside PSTs.

 

PSTs and backup should not be used in the same sentence. They just don't belong together.