Knowledge base

July 26, 2020

Does Microsoft need 365 backup?

Current Software as a Service (SaaS) applications, such as Microsoft 365,offer a number of native data retention and recovery capabilities. However, they do not eliminate the need for an independent backup of SaaS data. Microsoft even recommends third-party backup in its service agreement.

“We strongly recommend that you regularly back up your Content. Microsoft cannot be held responsible for Your Content or the material that others upload, store, or share through our Services.”

This is called a Shared Responsibility Model for Data Protection. In other words, Microsoft ensures the availability of applications, infrastructure, and the network connections needed to use them. It is up to you to protect the data created with these applications.

This article explains why backing up data from SaaS applications such as Microsoft 365 is an essential part of any disaster recovery plan.

Why does Microsoft 365 need a backup?

There are several reasons why your business shouldn’t rely solely on microsoft 365 or other SaaS applications data recovery tools.


Ransomware and other forms of malware pose a major threat to your data. If malware has corrupted an end user’s local data, many SaaS applications that automatically back up data through a sync function can inadvertently infect the backup data. If that’s the only form of backup, the data may be lost. Phishing attacks can compromise your company’s Microsoft 365 admin accounts, further compromising the security of your data. In addition, your options for recovering data lost in ransomware or other malware attacks through an application’s native tools may be limited, but also complex and time-consuming.

User removal

The accidental or intentional deletion of data by your company’s employees is a common threat that can lead to major headaches. If you rely only on the native backup of a SaaS application, your ability to recover missing data is at the mercy of whether or not that data will be detected before the application’s retention policy runs out.
Legal issues. If your business is in an industry with strict retention policies and access to backups, SaaS applications such as Microsoft 365 may not meet those requirements.

Business continuity

What happens if a SaaS application your company relies on temporarily fails? You will not have access to your SaaS application data if the only backup is within the application in question.

In short, Microsoft doesn’t always protect you.

There are a number of ways your data can be deleted forever: that’s why you need a backup.

Backing up data is a shared responsibility

As mentioned above, relying only on the native backup of a SaaS application is a recipe for disaster. A successful SaaS enterprise backup and recovery plan should favor the 3-2-1 data storage rule:

  • Keep at least three copies of the data
  • Store it on at least two different types of media
  • Keep one of those backups in an independent offsite location
  • Want to know more? See how ALTA-ICT works to discover how your organization can work more efficiently.

Virtualization can help optimize an organization’s network in terms of reliability, scalability, affordability, security, and flexibility.

Recorded data breaches.

  • Yahoo: The 2013 breach affected 3 billion users. It is estimated that the breach resulted in a $350 million reduction in Yahoo’s final sale price to Verizon.
  • Equifax: the leak revealed the personal data of 143 million customers in 2017.
  • Goal: This leak in 2013 put the data of nearly 110 million people at risk.
  • Uber: At the end of 2016, the personal data of 57 million users and 600,000 drivers came to the web

Want to know more?

Get in touch

Tech Updates: Microsoft 365, Azure, Cybersecurity & AI – Weekly in Your Mailbox.