Over the past year, I’ve seen a significant increase in the number of  businesses moving from on-premises Exchange environments to Office 365. That move makes absolute sense. When it comes to messaging, there’s hardly any difference (in terms of business value and competitiveness) whether you run it yourself or consume it a service.

 

But one area in particular does make a difference: backup and restore.

 

Let’s start with the definition of a backup: An independent copy of data that can be restored if the source system or service is unavailable.

 

It’s pretty hard to argue with that definition, but I expect that many readers will have their own ideas about what a backup is.

 

Now let’s look at a typical on-premises enterprise estate. Most have Exchange, and some have tape- or disk-based backup appliances, keeping data anywhere from 1 to 7 years. (A few outliers refuse to delete anything. LTO2 tape drive, anyone?)

 

So why did we spend all that time and money on backup in the first place? Well actually – it wasn’t about backup, it was about the restore capability. As an exchange admin in a past life, I had to be able to tell the directors that I could restore the whole system or individual e-mails on demand, for however long the business required.

 

With this in mind, let’s take a look at the native Office 365 capabilities. What do you get for your £17.60per user per month? (E3 is the minimum subscription that offers hold capabilities.)

 

The first capability to look at is restoring deleted items. This is handy – if you accidentally delete something, you can restore it with a simple click and  drag operation. You can even configure this option to have unlimited retention (14 days is the default).

 

But what if you want to make sure that something is no longer in the system? Youcan just delete it from your Deleted Items folder. This is simply an end-user benefit — don’t confuse itwith  data protection. This operation relies on Office 365 being online – if the service is offline, you don’t have access to your emails or any deleted items.

 

Once you’ve deleted your items from both your inbox and the Deleted Items folder, what happens next?

 

In Office 365, you have a Recoverable Items folder that can hold items for up to 30 days (14 days is the default). Any item that stays in the folder longer than 30 days is lost in the depths of the cloud. (Note that you can purge your own Recoverable Items folder at any time.)

 

Surely Microsoft has thought about all this? Well, yes and no. Microsoft’s answer to this scenario is Litigation Hold, which copies all of your e-mails to an immutable area (hidden from users in Recoverable Items). There is also an In-Place Hold option; however,  Microsoft is phasing it out, and I wouldn’t suggest deploying it today. Microsoft says:

 

“We’ve postponed the July 1, 2017 deadline for creating new In-Place Holds in Exchange Online (in Office 365 and Exchange Online standalone plans). But later this year or early next year, you won’t be able to create new In-Place Holds in Exchange Online.”

 

Phasing out the In-Place Hold option is a shame, because Litigation Hold doesn’t support public folders. If you need to back up public folders,  you’ll need a third-party solution.

 

Many companies require a separation of roles as a security standard. In this scenario, Office 365 administrators could (rightly or wrongly) assign themselves eDiscovery Manager rights and have full access to search and export from Exchange mailboxes, SharePoint folders, and OneDrive locations. They could even modify the Litigation Hold policies.

 

This is one of the key reasons why many businesses opt to use third-party backup integration with Office 365. Such solutions usually include role-based access control and auditing, which help companies to comply with current and up-coming data protection laws, while also allowing a different department or administrator to hold the rights for restores.

 

In addition, many clients insist on a recoverable offline copy of their Office 365 data – even in another cloud provider (AWS S3 anyone?). This is truly the only way to protect from data corruption. (Microsoft explicitly states that point-in-time restore of data is not in the scope of Office 365.)

 

In summary, if you’re looking for an independent offline backup, public folders, or additional separation of security, you’ll need a third-party backup tool. If not, then use what you have in your (E3/E5) subscription.

 

It’s no secret that I work as a NetApp cloud solutions architect as my day job. Check out NetApp® Cloud Control for Microsoft Office 365, NetApp’s backup-as-a-service offering for Office 365, free of charge for 30 days.

Kirk Ryan

Kirk Ryan is a senior cloud solutions architect who regularly provides consultation for successful adoption of cloud first strategy and cloud architectures. Kirk is experienced in AWS and Azure design methodologies, serverless technologies, IoT systems, analytics and machine learning, web and mobile development (Node.js, React, React-Native, GraphQL) as well as over 14 years of data management and solutions integration experience. He is the leader of the UK Cloud meetup, and a frequent speaker at events and executive briefings