Microsoft data backup in Office 365

Microsoft data backup in Office 365

No alt text provided for this image

How Office 365 data is protected against loss

On Microsoft’s Trust Center, you can read a bit about how data is protected in Office 365, from a security & compliance perspective. It’s fairly impressive, if you take the time to read up on it.

As regards availability of data: your data is always stored in more than one datacenter region within your designated geography (e.g. United States). Data is not only replicated to multiple storage locations within the primary datacenter region, but it must also be available in at least one other datacenter region at any given time (e.g. Chicago, IL and San Antonio, TX).

No alt text provided for this image

Therefore your data is highly available, and would be accessible in almost every type of disaster scenario, unless there is some event so catastrophic that multiple datacenters, geographically disparate, were to completely fail at the same time, and also to become unrecoverable in both locations (and then we have much bigger problems, no?).

So that speaks to some of the concerns around Business Continuity. Now let’s talk about backup. Contrary to popular belief, Microsoft does in fact back up Office 365 data. You can dig in and find more details about the resiliency, recovery and other protections of data on Microsoft docs:

No alt text provided for this image

The rumor that Office 365 does not back up your data turns out not to be true. Regarding data that is deleted, whether accidentally or otherwise: lost data is recoverable for a certain period of time in every subscription, which varies based on the service. For SharePoint Online, deleted items stay in the recycle bin for 93 days before they are purged, and remain recoverable during that time.

Exchange Online retains deleted mailboxes for 30 days by default, and individual deleted items within a mailbox are recoverable for up to 14 days, but administrators can also increase this to 30 days (the same amount of time as a whole mailbox). Here is how you would increase this limit to its maximum allowed value via PowerShell for Exchange Online:

Get-Mailbox | Set-Mailbox -RetainDeletedItemsFor 30

With regard to either Exchange mailboxes or SharePoint libraries, it is also possible to ask Microsoft support to restore these locations to previous points in time according to the same limits. And with OneDrive, any user can perform a similar self-service restore, that is, without contacting support.

Just be aware that when either you or Microsoft performs a full restore of some library or mailbox to a previous point in time, that action will overwrite everything that is presently there today, and literally put it back to the date requested. This is good protection for say, a ransomware scenario, but not great for individual file restores.

And while Microsoft support cannot themselves restore individual items for you from the back-end, you can of course browse the recoverable items yourself and restore them (or roll back to previous versions of files within SharePoint, for instance).

Going beyond the default recovery options…

Additionally, with Office 365 Enterprise subscriptions, or any Microsoft 365 subscription (including Business), you will also have the ability to define Retention policies, which can preserve data (even deleted data) for whatever time period you specify in the policy.

No alt text provided for this image

Keep for 7 years, then delete… then… what?

At the end of the retention period, deleted items will follow the same rules as any other Office 365 data. Here is the default for SharePoint:

No alt text provided for this image

And for Exchange:

No alt text provided for this image

Remember that 14 days can be extended to 30. Also, with Exchange Online Archiving included in many Office 365 and Microsoft 365 plans, there is the option to enable Litigation hold on your mailboxes, which means data can be preserved indefinitely. To place all mailboxes on litigation hold using PowerShell, you can run this command:

Get-Mailbox | Set-Mailbox -LitigationHoldEnabled $true

Whether under retention or hold, even when the entire underlying user account is deleted, then the mailbox simply becomes an “inactive” mailbox that can be restored at any future point, on-demand.

Immutability / WORM

Another important concept here is data immutability. Office 365 complies with SEC rule 17a-4 or WORM (Write Once, Read Many). When a SharePoint document is copied into the preservation library, for instance, that document is no longer “alterable”–it is immutable. Likewise, mailboxes on hold or retention are immutable. Once data is written into the preservation locations, that data cannot be changed. Write Once.

So if a document in SharePoint changes, those changes are written into the preservation library, but the original version remains there too, still unchanged. This is what makes it possible to roll back to previous points in time, and know that the data has not been modified from that state. Therefore, you can restore information from the preservation library at any point during the retention period. Read Many.

Actual, granular recovery of data

So you turn on retention policies, and/or you just blanket enable litigation hold across all mailboxes. Okay, great. Meanwhile, all of the data, deleted or otherwise, remains available to eDiscovery and Content searches that are performed by admins.

Restoring data is therefore possible, as you can also export from a Content search or eDiscovery case. But having to “search” for the item(s) you want to restore is a bit different than a traditional backup solution, where you can mount an image of a file structure or mailbox, and copy out the items you were looking for. Some people aren’t comfortable with not being able to see the underlying structure, so to speak, where the recovered data is coming from.

Therefore, third party solutions can offer options that may be more attractive and flexible than what Office 365 provides using its native tool set.

You should have as much backup as you are comfortable with

Some people just will not be comfortable having all of their eggs in the Microsoft basket–relying on only one set of data protections (no matter how robust they may seem).

Additionally, some people may find that third-party products provide a better experience and accessibility for individual file or message restores. Just be sure you know why you’re getting the other backup. It should be adding some value. Get a demo in advance if you can. Most of the major ones out there will support both Exchange mailboxes and SharePoint/OneDrive data.

For smaller concerns, like temporary outages of cloud services, there are several third party continuity services out there that would allow you to continue checking on and responding to emails, for instance, through a third-party portal.

And that’s about it. If you want or need any of the following, then you’re looking at a third-party:

  • peace of mind for having a backup outside of Microsoft
  • more convenience to restore individual files from different points in time without relying on a content search
  • continuity during a major cloud provider outage

Otherwise, Microsoft does provide several protections against corruption, deletion, ransomware and disaster scenarios, right out of the box, which can be enhanced further using features such as retention policies and litigation hold. If that’s enough peace of mind for you, then that’s okay too.

要查看或添加评论,请登录

Sean O'Connor的更多文章

  • Cyber Security Awareness Tips

    Cyber Security Awareness Tips

    Phishing Emails · Never respond to requests for personal information via email. Businesses will never ask for personal…

  • What is Ransomware

    What is Ransomware

  • Cybercrime: Profitable Business Model

    Cybercrime: Profitable Business Model

    Overview Top reasons why cybercriminals love the new business model Mass distribution, victim profiling and outsourcing…

  • AVOIDING SOCIAL ENGINEERING AND PHISHING ATTACKS

    AVOIDING SOCIAL ENGINEERING AND PHISHING ATTACKS

    What is a social engineering attack? In a social engineering attack, an attacker uses human interaction (social skills)…

  • CISO’S GUIDE TO SECURELY HANDLING LAYOFFS

    CISO’S GUIDE TO SECURELY HANDLING LAYOFFS

    To limit the potential for a security incident as layoffs occur, follow these 10 best practices: Be part of the…

  • Top 5 Common misconceptions about working from home

    Top 5 Common misconceptions about working from home

    During the current COVID-19 crisis, Usherwood, along with most all of our clients have gone to a remote workforce…

  • Remote Workplace Security

    Remote Workplace Security

    Considerations for Remote Workplace Security Usherwood is committed helping clients to enable their remote workforce…

  • Overlooked Security Risks

    Overlooked Security Risks

    As a security professional, when you think about digital security, you think of traditional security tools—firewall…

    1 条评论
  • Serverless computing

    Serverless computing

    Serverless computing is all the rage right now—and for several good reasons: It removes you from having to provision a…

  • Top 10 Tips for Cybersecurity

    Top 10 Tips for Cybersecurity

    INSIDE THREATS Cyberthreats to your business are usually blamed on outsiders—nefarious programmers writing malicious…

社区洞察

其他会员也浏览了