Jul 22 2016 02:22 PM - last edited on May 21 2018 09:33 AM by Eric Starker
Started this question a while back on Yammer. What tools do you use to back-up mail and files stored in Office 365?
The fact that your files are back-upped inside and outside the datacenters of Microsoft only protects you against hardware and software failures on Microsofts side. It will not protect you against accidentally deleted files and mails, which is discovered after 30+ days or after the site trashbins have been emptied.
At least that's what I think. Anyone has an answer? My customers are typically small companies, under 10 users. Sometimes even just 1 to 3.
I use de SkyKick Back-up tools in my own O365 tenant. Which was an offer in the Microsoft Partner Mail recently.
Jan 16 2018 01:55 AM
Rylan King wrote:
It means that one should stop you using MS Outlook also. If you think so that PST is a bad format then you should recommend Microsoft stop giving new updates.
Still, the large number of organizations have their data stored in PST file format.
You don't need to stop using Outlook. PSTs were invented a long time ago when mailbox quotas were small (like 50MB to 100MB) to give users more space. We're talking 20 years ago... But time moves on and Office 365 makes 100GB quotas available to users, so there is no need to continue using PSTs.
The PST is an insecure (passwords are easily cracked) and fallible file format. Storing content in PSTs means that it is not indexed and discoverable. Companies cannot apply policies to content held in PSTs (DLP, retention, classifications). In short, PSTs are a horrible thing to have. They should be eradicated from all Office 365 deployments as quickly as you can, which is what many major companies are doing now. The problem is that PST eradication takes lots of preparation and is costly, but it has to happen... IMHO.
Jan 16 2018 11:51 AM
In what way are .OST files better for security than .PST files, or are you suggesting that all email be accessed through the browser?
Jan 17 2018 02:13 AM
Great message from @Tony Redmond. We should not only do, what a customer or a business unit wants, we should always advise on best practices and recommendations. Only in this way, when thinking pro-actively, the business prepares for the future and stays competitive. Otherwise, companies are in danger to fail the digital transformation and then fail their business.
For the OST vs. PST question. The first one is only a local temporary copy of PST content, hence, it's even worse to use this as a backup. There are a couple of good 3rd party solutions in the market (like AvePoint, Veem, Skykick, etc.) to backup in a more secure format including encryption. This does not only apply to email, but also to the other data stored in Office 365. In line with Tony, I'd recommend to go away from those PST "backup" and use real backup tools.
Consider this like a car insurance. You don't really want to use it, but if something happens, you're happy when you have an insurance, which covers everything (and not only the tires ;) ).
Jan 17 2018 02:43 AM
An OST is tied to a mailbox and can only be opened by the owning mailbox (they match with MAPI ID). A PST can be opened by any Outlook client, so it is inherently less secure than an OST (that being said, utilities exist to convert an OST to a PST).
Another point is that you can use the Outlook slider to restrict the amount of information synchronized to the OST. If you were worried, you would keep maybe the last three months of mailbox data in your OST.
However, I am not really concerned about OSTs. These files live on personal laptops and workstations and can be encrypted using BitLocker. What I am worried about is where people put PSTs on shared drives or use PSTs to swap information with others. This is what happened in the Sony hack - attackers were able to access file servers and grabbed PSTs from those locations. That's much easier than trying to hack into multiple user PCs to look for PSTs... But again, if a non-protected PC falls into the hands of an attacker, both PSTs and OSTs can be compromised.
My advice (always) to CIOs is to minimize their company's exposure to risk by eliminating PSTs whenever possible. Sometimes PSTs are a necessary evil, as when you export eDiscovery results to PST to give data to an external expert, but you should always have a good and well-documented reason to put data in a PST.
Feb 02 2018 07:32 AM
*Disclaimer, I didn't find a product that would meet/match the requirements Tony*
At the last company I worked for I was tasked with evaluating products to backup O365. I reviewed Barracuda, Backupify, Unitrends, and one other that slips my mind (I skipped AvePoint due to the price point). While none of these products were perfect we did end up going with Backupify. The reason we chose them were the ability to redirect restores both in Exchange, OneDrive, and SharePoint, they provided unlimited storage, and the method of restores were obvious for the user and provided security against overwrites. They also had the ability to backup O365 group SP content. With that said I had concerns about the data center reliability (I think they had two), the interface was clunky and didn't provide a lot of basic reporting I would like. I also had an issue trying to restrict backing up certain things (which might sound counter-intuitive). Was this a great product? No, but it met the basic requirements of what we needed balanced against price. My review of the products was in July-Aug 2017 time-frame so this product and others might have changed since then.
Feb 02 2018 07:37 AM
Feb 02 2018 07:58 AM
Hey @Christopher Moore,
great use case, that you shared.
It's funny with the AvePoint pricing. :D Although they have changed their pricing entirely, there're always these rumors with too high prices. Would you check tool capabilities independently of prices or is it your first filter criteria?
Feb 02 2018 08:31 AM
Feb 12 2018 10:29 AM
Hey @Christopher Moor,
sorry I didn't got back to you earlier. You're right, I'm working for AvePoint, but that's not the point. I like your wording (something like) "if it's the perfect tool, no, but it covers the use case..." This is exactly my view! I'd like to encourage people to compare options and chose the right one for their needs, not the perfect one. Therefore I was interested, why you're directly excluding options without really comparing.
Times are changing very fast and cheap products could be very expensive 6 months later (or the other way around) as well as missing features can be included a few months later. Hence, I'm not pushing for a certain product, I just want to encourage everybody to really compare in order to find the best product for their use cases. :)
Have a great day
Feb 13 2018 10:06 PM
I am very new to the backup & restore world and wanted to understand what are the recommendations on taking back up of Office 365 and SharePoint online.
Feb 16 2018 02:54 AM
as with many other services, backup highly depends on requirements. For many of my customers there are corporate compliance rules demanding to physically own business-related documents. Means backup is not for restore options or DR only. Flexible tools with low complexity (and pricing) can do this job. But other customers may have other, possibly more complex, requirements (and also bigger budgets;-). Please contact me directly for a detailed discussion or consulting.
Mar 10 2018 04:44 PM
Tony, do you have enough evidence from you customers that a complex backup/restore solution for Office 365 applications (such as Groups, Teams, Planner, StaffHub) is really needed?
Or it is pure theoretical exercise in capabilities of various commercial backup solutions?
Mar 11 2018 07:39 AM
I think there are three aspects to consider here.
First, Office 365 is a more complex environment and I don't think ISVs who market backup products for Office 365 can claim that their products handle Office 365 when they really only handle a defined subset, such as Exchange Online or SharePoint Online.
Second, there is a trend inside Office 365 to move some work to new apps (for example, from email to Teams). The new apps are relatively recent, but don't they deserve as much attention as the traditional apps, especially in an era when compliance and data governance has become more important.
Third, Microsoft says that a tenant's data is theirs... but unless you can extract and move that data, can that claim ever be tested?
Mar 11 2018 08:15 AM
since more an more companies are using Groups and Teams, this becomes more and more important for an cloud backup solution. Hence, with Exchange only you don't have a comprehensive solution. I haven't heard the requirement for Planner, StuffHub or Project Online backup not that often - so far - but this can change in the future.
@Tony Redmond, I have to disagree with you point 3. Microsoft clearly states, it does NOT own your data. Microsoft is only data processor, but not data owner. This is also very important to know in regards to GDPR. However, this also makes clear, why customers need additional backup solutions, because Microsoft is not responsible for that. Please see the Office 365 Trust center if you've doubts:
"With Office 365, it’s your data. You own it. You control it. And it is yours to take with you if you decide to leave the service."
Mar 11 2018 08:30 AM
"a tenant's data is theirs" means the tenant owns the data, not Microsoft. It is just one way of saying this in English.
And re. the quote... without the ability to backup (or extract) the data from apps like Teams, it will be impossible for a tenant to leave Office 365...
Mar 11 2018 08:43 AM
Mar 11 2018 08:48 AM
You're right that there is no viable target for something like Teams right now, but that's because Microsoft doesn't have an API to allow developers build something like a Teams to Slack (or another app) tool. It's an obvious and glaring gap at the moment that I have been pretty strong about when I have had the chance to talk to Microsoft on the topic.
Mar 11 2018 08:55 AM - edited Mar 11 2018 10:22 AM
Hey @Oleg Melnikov,
check out this free ebook for cloud backup. There you can find further use cases. Your mentioned cases are the top 2, so great Job! :)
Also, there are sill technical glitches (even I recently had with Office 365) or rogue Administrator, which can also require a backup solution, just to name two further examples. But again, these are just examples and every company should evaluate themselve, if this is really something, which is happening in this company (and how often) and if they want to secure these use cases with a dedicated backup solution.