The Great Office 365 Backup Debate

Post Date: 10/19/2020
feature image

Miss The Great Office 365 Backup Debate live? Watch the full recording here!


Office 365 backup. While we can all agree that it’s wise to have data protection and redundancy some capacity, how much you need is a bit more up in the air. Seeing this divide in the community, we reached out to industry icon Tony Redmond and set up a Great Debate to settle things once and for all: do you need a third-party Office 365 backup solution, or are the native solutions enough?

After a riveting debate between Tony and our own John Hodges (and with fantastic moderation by CollabTalk CEO Christian Buckley), attendees had plenty of comments to share. We took the time to speak with John Hodges and get his take on some of the more interesting points discussed post-debate. Enjoy!

Should You Retain Data Forever?

office 365 backup

John: Yes, please don’t keep it forever! That’s not very green, and the cost to your lawyers in the next eDiscovery will be a problem!

We actively work on customer accounts that are sadly running low on out-of-the-box storage and considering purchasing new plans from Microsoft to cover the storage gap. I’ve written blog posts from the point of view of a data hoarder before; to be clear, the big risk here is going to be in security long-term, not just the storage.

Is Backup Green?

office 365 backup

John: I love this post – it makes me think very serious thoughts about my industry! I’d welcome this as a future point of debate! (@Dux). Here’s my stance so far:

Azure has made data center “green” projects a serious target for their data centers; see their Sustainability Strategy Brief here.

They claim that there’s substantially less carbon emissions from Microsoft cloud.

Also, it’s important to note that Microsoft has scored top marks in Efficiency, Transparency, and Innovation when it comes to green energy.

Data Protection

office 365 backup

John: All very valid stories! As Tony stated during the debate, you must take the necessary steps to secure your account to begin with—he’s 100% correct in that regard.

Take one of our best case studies at Walls Construction, for instance. If all you do is look to a backup solution to recover from a Ransomware attack without asking how this happened, you’re now returning data to a high-risk environment. Good data governance practices are a must in this layered solution.

At the same time, however, blanketing an environment with a native “set up right from the start” policy around retention is not as simple as many claim it to be.

You may lack the authority to dictate retention policies natively!
Backup is squarely in the domain of an IT admin. However, to keep content natively means you’re now subjecting your company to potential impacts that are likely outside your purview—namely that retention policies guarantee the presence of data for future eDiscovery cases if they’re not setup to actively dispose of content first!

Trying to figure out how extensive your Office 365 backup needs to be? This post might help: Click To Tweet

You may owe more money in the end than a backup solution!
For an environment that heavily relies on kiosk or student licenses (E1, F1, F3, G1, etc.), you don’t have the licenses required to deploy retention policies on mailboxes and OneDrives for these users. Upgrading to an E3 / G3 can often cost $10/user/month, which far exceeds even the most expensive user licenses we’re familiar with from the backup industry.

In addition, Microsoft limits the amount of “free” storage in SharePoint Online sites for user data. Any data in your preservation hold libraries are counted against this quota, meaning you may be paying high prices per GB going forward for growth in your environment due to retention policies.

Complimented by Michael Weaver: “Where does risk come into this? Is there an argument that the data is safest in the tenant where, if setup correctly, it is safe, and am I adding risk by having this data somewhere else as well? What happens if my backup system / credentials get compromised?”

John: The same due diligence we’re asking you to do natively is the same we’re asking here for any cloud backup vendor, including identifying how that information is stored. AvePoint supports a model where customers can bring their own storage (optional), bring their own authentication (Azure AD), and bring their own encryption keys (Azure KeyVault). In this way, the same diligence you’re following to encrypt and secure data natively is followed by our backup solution!

Breaking Down Microsoft’s Backup Offerings

office 365 backup

John: This is best summed up by our “Debunking Myths” series of backup talks.

office 365 backup

Out of the box, end users can access:

  • Version History for every file (available for the last 500 versions, auto-created)
  • Recycle Bin / Deleted E-mail folders – 93 days total (between first & second level recycle bin)

Out of the box, site owners can access:

  • Second level recycle bin total – 93 days total combined with above (semi-tough to find)
  • Files Restore to roll back the changes for your entire Team Files, SharePoint library, or OneDrive over the last 30 days (a worst-case scenario rollback)

Out of the box, admins can access:

  • “Soft deleted” mailboxes, Groups, and Teams that can be recovered (best example is in the Group Admin Center)
  • Microsoft preserves backups for 14 days, and admins must engage Microsoft support for a full rollback (a worst-case scenario rollback)
    • To be clear, protecting data with ECM controls is an intentional step. This isn’t on by default. That means even Tejalkumar’s comment isn’t valid – none of this is set from the start! Thank you to Philip for support on this point! Two more quick points:

Wrap Up

Once again, we wanted to thank all of our Great Debate attendees for engaging with us on this heated topic. With more organizations moving to Office 365 than ever before, knowing how to make an informed ROI-based decision regarding backup is a must, and it’s our hope that the debate itself and this follow-up post helped you do just that. Have a question or comment that we didn’t answer? Leave a comment below and we’ll try to help!


Subscribe to our blog for more on Office 365 backup.

John Hodges is Senior Vice President of Product Strategy at AvePoint, focusing on developing compliance solutions that address modern data privacy, classification, and data protection needs for organizations worldwide. Since joining AvePoint in 2008, John has worked directly with the company’s product management and research & development teams to cultivate creative ideas and bridge the gap between sales and technology – providing a practical target for innovation and a focused message for sales and marketing. John has been actively engaged in the SharePoint community for several years, working with many Fortune 500 companies to drive sustainable adoption of Microsoft technology and optimize SharePoint’s larger purpose-built implementations. John’s insights and opinions on modern Information Technology can be found in various industry publications, as well as throughout this numerous speaking sessions in webinars and at events worldwide.

View all posts by John Hodges
Share this blog

Subscribe to our blog