The No. 1 question we get all the time: “Why do I need to back up my Microsoft 365 Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams data?”
And it’s normally instantaneously followed up with a statement similar to this: “Microsoft takes care of it.”
Do they? Are you sure?
To add some clarity to this discussion, we’ve created a Microsoft 365 Shared Responsibility Model. It’s designed to help you — and anyone close to this technology — understand exactly what Microsoft is responsible for and what responsibility falls on the business itself. After all — it is YOUR data!
Over the course of this post, you’ll see we’re going to populate out this Shared Responsibility Model. On the top half of the model, you will see Microsoft’s responsibility. This information was compiled based on information from Microsoft documentation, in case you would like to look for yourself.
On the bottom half, we will populate out the responsibility that falls on the business, or more specifically, the IT organization.
Now, let’s kick this off by talking specifically about each group’s primary responsibility. Microsoft’s primary responsibility is focused on THEIR global infrastructure and their commitment to millions of customers to keep this infrastructure up and running, consistently delivering uptime reliability of their cloud service and enabling the productivity of users across the globe.
An IT organization’s responsibility is to have complete access and control of their data — regardless of where it resides. This responsibility doesn’t magically disappear simply because the organization made a business decision to utilize a SaaS application.
Here you can see the supporting technology designed to help each group meet that primary responsibility. Microsoft 365 includes built-in data replication, which provides data center to data center georedundancy. This functionality is a necessity. If something goes wrong at one of Microsoft’s global data centers, they can failover to their replication target, and, in most cases, the users are completely oblivious to any change.
But replication isn’t a backup. And furthermore, this replica isn’t even YOUR replica; it’s Microsoft’s. To further explain this point, take a minute and think about this hypothetical question:
What has you fully protected, a backup or a replica?
Some of you might be thinking a replica — because data that is continuously or near-continuously replicated to a second site can eliminate application downtime. But some of you also know there are issues with a replication-only data protection strategy. For example, deleted data or corrupt data is also replicated along with good data, which means your replicated data is now also deleted or corrupt.
To be fully protected, you need both a backup and a replica! This fundamental principle has been the bedrock of Veeam’s data protection strategy for over 10 years. Look no further than our flagship product, aptly named Veeam Backup & Replication.
Some of you are probably already thinking: “But what about the Microsoft 365 recycle bin?” Yes, Microsoft has a few different recycle bin options, and they can help you with limited, short-term data loss recovery. But if you are truly in complete control of your data, then “limited” can’t check the box. To truly have complete access and control of your business-critical data, you need full data retention. This is short-term retention, long-term retention and the ability to fill any / all retention policy gaps. In addition, you need both granular recovery, bulk restore and point-in-time recovery options at your fingertips.
The next part of the Microsoft 365 Shared Responsibility Model is security. You’ll see that this is strategically designed as a blended box, not separate boxes — because both Microsoft AND the IT organization are each responsible for security.
Microsoft protects Microsoft 365 at the infrastructure level. This includes the physical security of their data centers and the authentication and identification within their cloud services, as well as the user and admin controls built into the Microsoft 365 UI.
The IT organization is responsible for security at a data-level. There’s a long list of internal and external data security risks, including accidental deletion, rogue admins abusing access and ransomware to name a few. Watch this five-minute video on how ransomware can take over Microsoft 365. This alone will give you nightmares.
The final components are legal and compliance requirements. Microsoft makes it very clear in the Microsoft 365 Trust Center that their role is of the data processor. This drives their focus on data privacy, and you can see on their site that they have a great list of industry certifications. Even though your data resides within Microsoft 365, an IT organization’s role is still that of the data owner. And this responsibility comes with all types of external pressures from your industry, as well as compliance demands from your legal, compliance or HR peers.
In summary, now you should have a better understanding of exactly what Microsoft protects within Microsoft 365 and WHY they protect what they do. Without a backup of Microsoft 365, you have limited access and control of your own data. You can fall victim to retention policy gaps and data loss dangers. You also open yourself up to some serious internal and external security risks, as well as regulatory exposure. While third-party Microsoft 365 backup adoption is on the rise, a survey found that surprisingly 71% of businesses were still unprotected1.
All of this can be easily solved with a backup of your own data, stored in a place of your choosing, so that you can easily access and recover exactly what you want, when you want.
Looking to find a simple, easy-to-use Microsoft 365 backup solution?
Look no further than Veeam Backup for Microsoft 365. This solution is already protecting 13 million Microsoft 365 users across the globe. Veeam was also named to Forbes World’s Best 100 Cloud Companies and is a Gold Microsoft Partner. Give Veeam a try and see for yourself.
Still not convinced? Read this why having a backup of Microsoft 365 data is essential.
¹Segment Sentiment Research 2021, Veeam
- Blog post: #1 Microsoft 365 backup guide
- Veeam special report: 7 Critical Reasons for Microsoft 365 Backup
- Blog Post: 45 Microsoft 365 recovery options with Veeam
- 30-days FREE: Veeam Backup for Microsoft 365
- Community Edition: Veeam Backup for Microsoft 365 Community Edition