Australia | Why You Need Microsoft 365 Backup Solution After All

Neil Wells-West - 05.08.202220220805

Why You Need Microsoft 365 Backup Solution After All

Australia | Why You Need Microsoft 365 Backup Solution After All

“Why would my organisation need a third-party backup solution for my M365 tenant? All my data is safely stored away in the cloud and I can use all the out of the box tools like recycle bin, retention policies, site restore to protect our data etc.”

Have you found yourself having the same discussion or asking a similar question? Hold that thought…

7 KEY POINTS FOR CONSIDERATION

The cloud has drastically changed the way we do business, particularly with such Software as a Service (SaaS) offerings like Microsoft 365. Now, instead of buying expensive licenses which require upgrading every few years, organisations can subscribe to a licensing option with guaranteed access to the latest version.

This may also help to account for the reason why there were more than 285,000,000 subscribed Microsoft 365 users in April 2020 (more current data has not been published by Microsoft but it is likely to be much higher now with many organisations moving to remote working environments).

WHO IS IN CHARGE?

Although it’s true Microsoft does the bulk of the hard work behind the scenes in keeping the Microsoft 365 infrastructure secure, it doesn’t mean your critical data is fully protected.

Microsoft 365 is implemented as a ‘shared responsibility’ model which means Microsoft looks after the platform and software but organisations themselves oversee the data stored on the platform.

Microsoft does provide 30 days’ worth of backups though in many cases this is insufficient for many business-critical operations – especially when we consider the amount of business-critical data users often store in their mailboxes.

1. Accidental deletion

Australia | Why You Need Microsoft 365 Backup Solution After All

Based on many years of real-life experiences, accidental deletion of files or emails accounts for a large percentage of support requests to IT Helpdesks.

When a user accidentally deletes a file in Microsoft 365 they have 30 days to recover the file from the Recycle Bin. The accidental deletion may not be discovered until after the recovery period has lapsed, meaning the Recycle Bin capability can become largely redundant.

Using a third-party Microsoft 365 backup solution provides a more controlled approach for deleted files – as well as facilitates a longer recovery window.

2. Internal Security Threats

Australia | Why You Need Microsoft 365 Backup Solution After All

In reality (unfortunately) not all file deletions are accidental. Staff leaving the organisation, disgruntled employees or people holding a grudge may delete critical data out of malice. The good news is although this issue is quite prevalent, according to the Ponemon Institute malicious incidents only represent 23% of all insider threats. However, it’s important to note identifying the issue may take longer than 30 days.

3. External security threats

Phishing is still a significant threat to nearly all organisations and their data. The latest Cyber Security Breaches Survey 2022 states around 83% of businesses are regularly reporting these types of attacks. It is still surprisingly easy to trick an employee into revealing credentials with a well-targeted phishing campaign. As soon as a criminal has credentials to a system they can steal or destroy whatever they like. A robust backup and recovery solution will enable an organisation to reverse any damage caused quickly and easily and this will result in a minimal impact on the organisation’s operations.

4. Clarification for retention policies

Around 44% of organisations using Microsoft 365 leverage native M365 data protection like Microsoft Purview for their backup strategy, while 32% use a third-party M365 backup and 20% have no Microsoft 365 backup strategy at all.

This data is based on a survey of 102 Microsoft 365 organisations conducted in December 2020. These results align with similar surveys by Gartner 1 and IDC2.

Retention policies being used as Microsoft 365 backup are approximately 10x less popular than native tools with the E3/E5 subscriptions (which include compliance retention) account for around 16% of the installed base.

An organisation can enable retention for most of the Microsoft 365 services and their data types. Once a retention policy has been enabled it ensures any existing items (when the retention policy is created) and all new data remain in Microsoft 365 for a prescribed period of time. If any users or administrators delete items (e.g. files or emails), the retention policy will remove it from the corresponding Microsoft 365 service but the items will still be accessible and searchable using the Compliance eDiscovery application. It will then be retained in a special area called a Preservation Hold library where all this data is retained within the M365 tenant (which includes all previous versions of every file – see below).

5. Cost of retention policies

Australia | Why You Need Microsoft 365 Backup Solution After All

Data which is retained due to retention policies counts towards an organisations Microsoft 365 storage quota, making it an important consideration of cost to use compliance retention as a backup option.

Typically the additional storage consumption is most relevant for SharePoint and OneDrive data:

  • OneDrive for Business storage is in theory unlimited in E3/E5 subscription plans.
  • Once a user exceeds 1TB an organisation can request Microsoft support to increase/remove the limit. However, this limit cannot be increased for all users simultaneously and must be requested each time a user reaches it in stages (which takes time if an organisation has many users).
  • The total SharePoint limit (pooled across all SharePoint sites in a Microsoft 365 tenant) is set at 1TB + 10GB x the number of M365 users in the tenant. If a user exceeds the limit they will need to delete data or the organisation will need to purchase additional storage.
NoteStorage limits are slightly less relevant for Exchange Online because E3/E5 plans include auto-expanding archiving and for Teams because most significant Teams data (e.g. documents) is stored on SharePoint sites and user One Drives.

6. Legal and compliance requirements

Usually, corporate data must be retained according to a set of strict and agreed compliance requirements – these requirements often impose retention for several years. In this scenario retention policies can assist but only an immutable backup solution will actually provide the protection which may be required.

7. Managing hybrid enviroments

In an ideal world everything would run natively in Microsoft 365, though many organisations maintain hybrid environments. These often merge services such as Exchange Online with on-premises legacy Microsoft Exchange Servers and add to the complexity of backing up and restoring data, making the choice of a data protection tool critical.

This is particularly relevant when an organisation is planning for the future of its Microsoft 365 deployment. The choice of the correct tool will simplify the process of deployment and migration by making the organisation’s data more portable.

NEXT STEPS

If you would like Insentra to help you with the next steps through your nominated Partner, please contact us.

For more insights on Microsoft 365, data security and more head over to the Insentra blog.

THANK YOU FOR YOUR SUBMISSION!

Australia | Why You Need Microsoft 365 Backup Solution After All

The form was submitted successfully.

Join the Insentra Community with the Insentragram Newsletter

Hungry for more?

If you’re waiting for a sign, this is it.

We’re a certified amazing place to work, with an incredible team and fascinating projects – and we’re ready for you to join us! Go through our simple application process. Once you’re done, we will be in touch shortly!

Who is Insentra?

Imagine a business which exists to help IT Partners & Vendors grow and thrive.

Insentra is a 100% channel business. This means we provide a range of Advisory, Professional and Managed IT services exclusively for and through our Partners.

Our #PartnerObsessed business model achieves powerful results for our Partners and their Clients with our crew’s deep expertise and specialised knowledge.

We love what we do and are driven by a relentless determination to deliver exceptional service excellence.

Australia | Why You Need Microsoft 365 Backup Solution After All

Insentra ISO 27001:2013 Certification

SYDNEY, WEDNESDAY 20TH APRIL 2022 – We are proud to announce that Insentra has achieved the  ISO 27001 Certification.