Five Data Protection Realities for Microsoft 365

Five Data Protection Realities for Microsoft 365

The COVID-19 pandemic has radically transformed the technology landscape. The pandemic turbocharged the adoption of Microsoft 365, Microsoft Teams, and collaboration technology in general. With traditional offices shuttered and millions of knowledge workers forced to work from home in the past year, everyone learned how to communicate, connect, and collaborate in a virtual manner.

The statistics around Microsoft 365 adoption are rather astounding. Before the pandemic, 365 and Teams were already Microsoft’s biggest and most important bets. But during COVID, things really exploded. According to analysts, by the end of 2020 Microsoft 365 reach 200 million monthly active users. And Teams adoption mushroomed in 2020, as the remote workforce embraced video-based collaboration like never before. At the end of the year, Teams daily active users reached 115 million. (

Now more than ever, organizations need to be mindful of the value of their cloud-hosted data. Millions of users and teams are busy creating vital work product, documents, chats, and collaborations that live primarily in Teams and the rest of the Microsoft 365 suite.

Data in the Microsoft 365 suite is vulnerable to theft, corruption, or loss, just like data housed in traditional on-premises servers and storage. While cloud-based SaaS applications are quite resilient by design, data loss in the cloud can be just as damaging to an organization.

Here are the five reasons companies should backup data living in your Microsoft 365 environment.

1. Data in the cloud can be lost, stolen, destroyed, or corrupted

There is a widespread misunderstanding around the need for backup of cloud data and SaaS applications. For decades, the cloud was relegated to backing up on-premises data. Now, most data is being created natively in cloud-based applications. This data is vulnerable to permanent data loss if it is exclusively or primarily stored in the production environment in the cloud.

Just like on-premises data, cloud-hosted data can be inadvertently deleted or corrupted by users or administrators. Rogue employees or administrators, if highly permissioned, can easily sabotage data and applications. Hackers and cybercriminals also continue to innovate novel ways to extract ransom payments out of organizations and their cyber insurance carriers. Of late, cybercriminals have turned to data exfiltration and theft instead of the standard encryption attacks. In these scenarios, data stolen from cloud environments are threatened with public release or destruction if a ransom isn’t paid.

Suffice it say, cloud-first data needs to be backed up and in some cases archived for long periods of time.

2. Microsoft is not responsible for protecting your data in Microsoft 365

While you need to read the small print to get to the heart of the matter, nearly every cloud and SaaS vendor makes clear that the customer, not the vendor, is responsible for protecting the corporate data that resides in cloud applications. The cloud vendor has many responsibilities to provide a secure and resilient cloud application, but ultimately the data protection responsibility rests with the customer.

In the case of Microsoft, this reality is spelled out very clearly in Clause 6 b. of the Microsoft 365 service agreement: “We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

The data and content that lives in Microsoft 365 and elsewhere is “Your Content and Data” and should be protected accordingly.

3. Most small business Microsoft 365 subscriptions lack rich data retention and archiving capabilities

While Microsoft makes clear that the customer bears the responsibility for data protection, the company does provide a range of data retention and protection settings that are available on its enterprise-class service offerings. The Microsoft 365 E3 plans and above have rich archiving and data retention features that meet the needs of larger organizations. Unfortunately, the E3 plans are expensive and really designed for organizations with thousands of employees.

Most organizations license Microsoft 365 Business Standard and Premium, which lack the robust data retention capabilities mentioned above. The Standard and Premium packages are affordable and the go-to option for most small and medium businesses, but they lack the backup and archiving capabilities every organization needs.

4. Compliance requirements likely mean you need a third-party backup for your Microsoft 365 data

Highly regulated industries such as medical, financial, and defense contracting have strict cybersecurity and technology standards for organizations. In nearly all cases, data backup procedures are mandated and must be thoroughly documented and periodically tested. These regulations do not distinguish between data hosted in on-premises servers and storage, user laptops and workstations, or in the cloud. All of this data must be protected. Moreover, it is vital for organizations to configure data repositories and storage so as to prevent data sprawl and ensure privacy and protection for sensitive patient or customer data.

In addition to compliance regulations, insurance carriers that supply E&O and cyber liability coverage are raising the bar on insureds with required additional layers of cybersecurity and backup protection. Again, in our mobile-first and cloud-centric technology landscape, the requirements of insurance carriers do not distinguish between on-premises vs. cloud-hosted data.

5. With so much teamwork and collaboration on Microsoft Teams, backing up everything from Microsoft 365 makes sense

As we explored earlier in this blog, Microsoft Teams burst onto the scene in 2020 as the collaboration glue that kept organizations functioning during a deadly and disruptive pandemic. By some estimates, years of the learning curve were compressed into mere months. For many companies, they now simply “live” inside Microsoft Teams, leveraging chat, calls, and meetings, while seamlessly collaborating on files, calendars, and team-based content in ad hoc Groups. All of this collaboration creates new, vital work product and content. It also creates context, which further streamlines collaboration and employee productivity.

Everything in Teams is vital to organizational productivity. That’s why organizations should consider backup solutions that are specifically designed to enable the comprehensive backup and easy restoration of all of the key elements of the Microsoft 365 suite, including Microsoft Teams.

With Dropsuite you can ensure important files share in Teams are backed up and secure. Safely backup, manage, recover, and protect Teams, along with other Office 365 critical assets such as emails, contacts, calendars, tasks, and much more. Dropsuite Email Backup and Dropsuite Email Archiving provide complete Microsoft 365 data protection, specifically created for the extra demands placed on regulated firms who need a bundled solution of email backup with advanced archiving.

Share on