
4 Smart Steps for Developing an #Office365 Backup Strategy



Back when companies ran their own data centers, they were typically expected to back up their own data. Now, however, it’s common for companies to assume that their Software as a Service (SaaS) provider will handle it. Unfortunately, those who rely on their service providers instead of developing their own cloud backup strategies face a high risk.

Why Cloud Backup?

The move to cloud servers means that the cloud provider, Microsoft, is responsible for high availability and, therefore, also for disaster recovery if the service fails. However, the data is still owned by the companies, and therefore it’s their responsibility to secure it. Data can still become lost or inaccessible due to:

  • Accidental deletion
  • Intentional deletion
  • The corruption of files
  • A variety of cyberattacks and ransomware

Indeed, the need for secure information is greater than ever before.

4 Steps to an Office 365 Backup & Restore Strategy

1. Define Policies and Requirements

Every company’s backup requirements are different, and some industries must also meet specific regulations. Therefore, the first thing a company needs to do is establish its own Service Level Agreement (SLA) and define its requirements. When dealing with backup and recovery, we recommend that you consider the following:

  • Recovery Point Objective (RPO): How often your company should back up its data so that, in the case of an outage, the amount of data lost would not exceed your business’s loss tolerance.
  • Content: What kind of content, and from which platforms, do you want to back up?
  • Recovery Time Objective (RTO): The amount of time it takes until data can be restored after an outage or disaster.
  • Retention Period: How long do you want to keep content backed up? Is it different for each location (Groups vs. Outlook, for instance)?
  • Recovery Granularity Objective (RGO): At what level of object granularity do you want to be able to restore?

2. Identify How These Apply to Office 365

Now let’s analyze how these policies can be applied in Office 365. Following the criteria above, here are the options in Office 365:

* 30 days in the end user Recycle Bin, 30 more days in the extended trash, 33 more days in PowerShell

** Deletion after the employee/tenant has left the company

*** It’s important to note that Project Online is part of the content database and, as such, is backed up as a whole. Because of this, however, there is no separate single object recovery option available.

3. Third-Party Solutions

If the built-in functionality doesn’t line up with your corporate policies, Gartner and Forrester suggest analyzing third-party solutions and, if compatible, implementing them in your Office 365 backup strategy.

However, be aware that while many vendors may advertise Office 365 backup, they often only offer tools that export Exchange Online to a .pst file. Not only can this cause data protection issues, but Office 365 comprises much more than just Exchange!

By comparison, AvePoint’s Office 365 backup solution offers backup of:

  • Exchange
  • Exchange Public Folder
  • SharePoint
  • OneDrive
  • Office 365 Groups
  • Microsoft Teams
  • Project Online
  • And even Dynamics 365!



When comparing 3rd party vendors, what else could be important for your business?

  • Use of your own private encryption keys, so that you always control your backup data and not the vendor.
  • Selection of different storage providers. You might want to further balance risk and store the backup data with different storage providers or even in your own on-premises datacenter (*Note: Please check all pros/cons that come with different storage provider options, like bandwidth or extra data transfer costs).
  • Release management of the 3rd party SaaS solution. Cloud providers tend to release quickly, and a release may disrupt a customer’s cloud environments. Thus, good release management of SaaS offerings is critical.
  • Lastly, not all 3rd party cloud providers are equal. Look for ones with ISO security certification, as the cloud platform provider’s (MSFT, AWS, Google) own platform level security certification doesn’t cover 3rd party SaaS solutions. AvePoint is now certified for ISO 27001.

Suffice it to say, you need to make sure that you’re getting the best bang for your buck when going third-party.

4. Monitoring and Verification

After backing up your data, it’s crucial to continue monitoring it via a) backup dashboards and logs and b) regularly scheduled tests. These tests are used to determine if the current processes are working properly and if secured objects can still be successfully restored. We recommend the following cadence:

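The log-monitoring half of this step can be automated against the objectives defined in step 1. The following is an added example, not code from AvePoint or Microsoft: the job-log record layout, the policy values and the finding names are all constructed assumptions, and the check treats only successful jobs as evidence of a working backup or restore.

```python
from datetime import datetime, timedelta

# Constructed policy per workload: (RPO, RTO, max age of last restore test).
# The values are assumptions for this example, not the article's recommendations.
POLICIES = {
    "Exchange":   (timedelta(hours=6),  timedelta(hours=4), timedelta(days=30)),
    "OneDrive":   (timedelta(hours=24), timedelta(hours=8), timedelta(days=30)),
    "SharePoint": (timedelta(hours=24), timedelta(hours=8), timedelta(days=30)),
}

# Constructed job log: (workload, kind, finished_at, status, duration_minutes).
JOB_LOG = [
    ("Exchange",   "backup",       "2024-03-01T08:00", "success", 35),
    ("Exchange",   "restore-test", "2024-02-20T10:00", "success", 90),
    ("OneDrive",   "backup",       "2024-03-01T02:00", "success", 120),
    ("OneDrive",   "restore-test", "2024-02-10T10:00", "failed",  15),
    ("SharePoint", "backup",       "2024-02-28T09:00", "success", 200),
    ("SharePoint", "backup",       "2024-03-01T09:00", "failed",  5),
    ("SharePoint", "restore-test", "2024-02-25T10:00", "success", 600),
]
NOW = datetime(2024, 3, 1, 12, 0)

def evaluate(policies, job_log, now):
    """Return (workload, finding) pairs; only successful jobs count as evidence."""
    findings = []
    for workload, (rpo, rto, max_test_age) in sorted(policies.items()):
        good = [j for j in job_log if j[0] == workload and j[3] == "success"]
        backups = [datetime.fromisoformat(j[2]) for j in good if j[1] == "backup"]
        tests = [(datetime.fromisoformat(j[2]), j[4]) for j in good if j[1] == "restore-test"]
        # RPO: age of the newest *successful* backup; a later failed run does not help.
        if not backups:
            findings.append((workload, "no successful backup"))
        elif now - max(backups) > rpo:
            findings.append((workload, "RPO exceeded"))
        # Restore tests: must exist, be recent, and finish within the RTO.
        if not tests:
            findings.append((workload, "no successful restore test"))
            continue
        tested_at, minutes = max(tests)
        if now - tested_at > max_test_age:
            findings.append((workload, "restore test overdue"))
        if timedelta(minutes=minutes) > rto:
            findings.append((workload, "RTO exceeded"))
    return findings

if __name__ == "__main__":
    for workload, finding in evaluate(POLICIES, JOB_LOG, NOW):
        print(f"{workload}: {finding}")
```

In the sample data, SharePoint's most recent run failed, so its RPO is measured from the older successful backup, and OneDrive is flagged because its only restore test failed.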

With these four steps you should now be primed to either devise a new, more sophisticated Office 365 backup strategy or spruce up your existing one. If you’re working to fulfil strict requirements, intuitive third-party solutions can help you expand upon Microsoft’s native backup functionality. I hope this helps you get the maximum value out of your Office 365 investment!



Robert M.

Robert Mulsow is VP of TSP EMEA at AvePoint, and a Microsoft P-TSP. Together with his previous experience at Microsoft, he specializes in SharePoint infrastructure and peripheral technologies SQL, Windows Server and Active Directory. As a Microsoft MVP and Certified Trainer for Office servers and services, he brings extensive experience in the field of consulting, implementation and troubleshooting.