The process of backing up and recovering data hosted in Microsoft 365 Online differs in a notable way from other applications and data that enterprises host in the cloud or on-premises. Enterprises do not need to back up and recover the Microsoft 365 application. Rather, they may focus solely on backing up and recovering the data they store in Microsoft 365.
While this shift in backup and recovery focus may seem slight, it impacts how enterprises manage recoveries of Microsoft 365 data. They should adhere to the following three rules when recovering Microsoft 365 data.
Rule #1: The fastest recovery may involve using Microsoft 365 features.
Microsoft places the responsibility for data on that enterprise. However, Microsoft 365 does offer some data protection capabilities. For instance, deleted emails go to the Deleted Items folder while deleted files and folders end up in its Recycle Bin. Enterprises may want to prioritize using the Deleted Items folder and Recycle Bins first to perform small scale data recoveries. This approach may be faster than recovering through the backup software.
Rule #2: Wait for Microsoft 365 to come back online.
No one likes to think about Microsoft 365 going offline. However, it happens with outages occurring both 2022 and 2023. Should an Azure region that hosts an enterprise’s instance of Microsoft 365 go offline, Microsoft 365 goes down as well. They may even lose access to their Microsoft 365 backups if they also store them in the Microsoft Azure cloud.
To recover, enterprises can try to recover Microsoft 365 with their SaaS backup provider in the SaaS provider’s cloud, another cloud, or on-premises. However, the best option for enterprises is often to wait for Microsoft Azure to come back online. The time it takes Microsoft to bring Microsoft 365 back online almost always represents the best, easiest, and fastest recovery option.
Rule #3: Take steps to avoid large scale data recoveries.
Hosting data in Microsoft 365 creates an unusual challenge for enterprises. Microsoft limits the number of API calls any application can make to Office 365 during a 24-hour period. This limitation applies to backup software as well.
This limitation comes into play should a large amount of an enterprise’s Microsoft 365 data become compromised and require recovery. Whether by user error or through a ransomware attack, once Microsoft 365 data becomes compromised, recovering this data at scale becomes challenging.
Since all SaaS backup applications leverage Microsoft’s APIs to restore Microsoft 365 data, it may take days to complete this task. To avoid this scenario, identify Microsoft 365 SaaS backup solutions that monitor Microsoft 365 for data deletions, exfiltration, and ransomware attacks to prevent data loss at scale.
KEEP UP TO DATE WITH DCIG
To be notified of new DCIG articles, reports, and webinars, sign up for DCIG’s free weekly Newsletter.
To learn about DCIG’s future research and publications, see the DCIG Research & Publication Calendar.
Technology providers interested in licensing DCIG TOP 5 reports or having DCIG produce custom reports, please contact DCIG for more information.