Why you need more than just Office 365 Backup provided by Microsoft

One of the most dangerous pitfalls organizations can fall into is expecting native backup to suffice for your data. Unfortunately, this is often the case for Office 365. Some people rely on the minimal backup that Microsoft provides but is that really enough?

More and more companies are making a move to select an Office 365 backup provider to keep data secure, protect from ransomware attacks, and save money in the long run. Here’s what you need to know about additional Office 365 backup protection.

The 3-2-1 Rule

The 3-2-1 Rule of backups dictates that even internal Office 365 backup should be done by a third party. 3-2-1 means three copies of data on at least two different types of media, with one of these media locations being offsite. If your only Office 365 backup solutions include letting the program back itself up, you violate all three of these rules.


Office 365 backup solutions are built into the program. Without added protection, you are basically telling the program to protect itself – to watch its own back. This doesn’t work in military strategy, business, or even a kid’s football game. There is no reason that it should work in tech, and the bottom line is that it doesn’t.

What’s more is that Microsoft agrees with this sentiment. They basically say the same thing in the company service agreement. It seems that Microsoft itself knows that there are more ways to get to your data than you would ever know.

The Problem with Internal Backup

Office 365 stores certain types of deleted items in a way that allows the end user to recover them for a period of time after deletion. As long as you can locate the data in the Recycle Bin pre-expiration, it can be fully restored. Certain types of malware, however, can delete those files so you don’t even notice they have been deleted. You can then overlook the retention period, and the file will become unrecoverable. Even if you do catch the files, certain malware has the ability to delete hundreds or thousands of files at once. You should not have to deal with this type of problem if you do not have to.

Office 365 does not have the ability to deal with this scale of threat – only third party tools do. Instead of trying to recover files one by one, you can recover them in batches and stay one step ahead of hackers who rely on stealth to successfully destroy your data.

Should you backup Office 365?

The short answer is yes. Let’s look at why.

First, the protection that Office 365 offers internally is a model of “shared responsibility.” Yes, the company has physical security monitoring its data centers. Yes, it does offer redundancy and replication. It also guarantees privacy and uptime, and it protects you from anything that happens to its data centers such as power outages, OS errors and natural disasters.

However, all this protection cannot give you any kind of guarantee from the human error that so often destroys a company from within. Nor does it take responsibility for the actions of any hacker that is able to navigate outside of the narrow parameters it sets for itself above. If your company encounters any sort of virus or has a misconfigured workflow, it is completely your responsibility. This means that your data and user backup is truly 100% your responsibility. Beyond the parameters that it sets, Microsoft customer support is minimal.

Second, your inactive users can cost you a huge amount of your operations budget. As a program that requires a license to operate, Microsoft Office 365 protects a company from being infiltrated from a recently fired employee. The problem this creates is that an employee also takes with him access to any files that he created while employed without that employees’ particular license. This can be a real problem if your turnover comes at a high level, say, your former CIO or CFO. Many companies are stuck paying for the licenses of long terminated employees just to keep the work they created years ago.

You may think that an internal 365 backup is enough to solve this problem. It is not – even daily backups. Internal dailies are certainly better than no backup, but this is often not consistent enough for companies that generate large amounts of information intraday. A third party backup makes sure that your critical information is backed up several times a day instead of just once.

Also, the 93 day site collection retention is never enough for a company of any size. Once Office 365 deletes site collections after Day 93, there is no rollback option available. The data is gone forever. The infinite retention that you receive from a third party source may just save your company, whether you need the data for compliance, legal or data reasons, its just smart business.

Finally, the internal restore feature on Office 365 is actually quite damaging. With no rollback option available, the restore feature will completely overwrite your current site collection. A third party option can restore data without overwriting your current files.

With all of these reasons to move beyond Office 365 native backup, there’s a good chance you’re convinced it’s the right move. The problem, it can still be overwhelming to find a backup as a service provider that fits your needs. Comport has a team of experts that can create a custom solution to help you protect your Office 365 environment. Contact us today to learn how we can help keep your data safe and your business operating smoothly.

Stay Connected

Sign up to get notified when we post a new blog!

Extend the capabilities of your IT team with Comport’s technology services and solutions.

Contact an expert