Backup for Office 365: It’s already included…. Isn’t it?

Over the last year, I’ve seen a significant uptake in businesses moving from on-premise Exchange environments to Office 365 and it makes absolute sense. When it comes to a messaging there is hardly any difference (in terms of business value/competitiveness)  whether you run it yourself or consume it a service.

But one area, in particular, does come into play; backup & restore.

Firstly let’s start with the definition of a backup:

An independent copy of my data that can be restored if the source system or service is unavailable.

It’s pretty hard to argue with that definition but, I understand that many will have their own derivatives of this.

Now let’s look a typical on-premise enterprise estate, most have Exchange and plenty more have tape or disk-based backup appliances, keeping data anywhere from 1-7 years (and a few outliers that refuse to delete anything, LTO2 anyone?).

So why, why did we spend all that time and money on backup in the first place.

Well actually – it wasn’t about backup, it was about the restore capability.

As an exchange admin in a past life, I had to be able to tell the directors that I could restore the whole system or individual emails on demand, for however long the business required.

With this in mind, let’s take a look at the native O365 capabilities – what do you get for your £17.60/mo per user? (E3 is the minimum subscription offering hold capabilities).

Firstly, we have deleted items, this is handy – users inadvertently delete something and can restore these items with a simple click & drag operation. You can even configure this to have unlimited retention (14 days by default). Fantastic!

But, what if a user wants to make sure something is no longer in the system – they can simply delete things from deleted items, so please don’t confuse this as data protection, it’s simply an end user benefit. It also relies on O365 being online – if the service is offline, you don’t have access to your emails or any deleted items.

Let’s carry on with our scenario, our fictional user has deleted their items from both their inbox and the deleted items folder, what happens next?

Within O365 another recovery folder exists suitably named “Recoverable Items”.

This folder can hold items for up to 30 days (14 by default). Any item that exceeds this duration is lost to the depths of the cloud. The one thing to note is that users can purge their own “Recoverable Items” folders.

So – surely Microsoft have thought about this? Well, yes & no. Microsoft’s answer to this scenario is litigation hold. This will copy all of the user’s emails to an immutable area (hidden away from users in “Recoverable Items”). There was also the option of doing this “in-place”, however, this is heading the way of the Dodo and I wouldn’t suggest deploying it today:

We’ve postponed the July 1, 2017 deadline for creating new In-Place Holds in Exchange Online (in Office 365 and Exchange Online standalone plans). But later this year or early next year, you won’t be able to create new In-Place Holds in Exchange Online.

This is a shame as Litigation hold doesn’t support public folders, so if you need these backing up – you’ll need a third-party solution.

Many companies require a separation of roles as a security standard. In this scenario, the O365 administrator could (rightly or wrongly) assign themselves the “eDiscovery Manager” rights and have full access to search and export from Exchange mailboxes, SharePoint folders and OneDrive locations. The admin could even modify the litigation hold policies.

This is one of the key reasons why many businesses opt to use a third-party backup integration with O365. Such solutions regularly include role-based access control and auditing, that help companies to comply with current and incoming data protection laws, whilst also allowing a different department or administrator to hold the rights for restores.

In addition, many clients insist on a recoverable offline copy of their O365 data – even in another cloud provider (AWS S3 anyone?). This is truly the only way to protect from data corruption (Microsoft explicitly state that point-in-time restore of data is not in the scope of O365).

So in summary, if you are looking for an independent offline backup, public folders or additional separation of security, you’ll need a third-party backup tool. If not, then use what you have in your (E3/E5) subscription.

Now it’s no secret I work as a Cloud Solutions Architect as my day job, check out their Backup-as-a-Service offering for O365 free of charge for 30 days.

It allows granular restore across Exchange Online, SharePoint Online and OneDrive for Business (with more in future) with no agents, no installs and no infrastructure for you to manage – 100% Software-as-a-Service (SaaS). Most importantly – you don’t have to have any NetApp storage to use this offering.

If you have less than 500 users you can purchase directly from AWS Marketplace.