No one can deny the popularity of O365 and majority of the Customer are opting and migrating to O365. If so, you may be asking:

“Do I even need to backup Office 365?”

The straight forward answer is ….. YES!!

The main reason behind this is Microsoft primary responsibility is to offer Uptime of the Microsoft Office 365 Cloud Service supported by DC – DC geo redundancy. However Microsoft offers Recycle Bin but its functionality is very limited and help in short term data loss recovery. Please note it does not offer point in time recovery.

Having said this customer/businesses using Office 365 need to backup their data residing on O365 as Microsoft of is not offering any backup functionality. This means that ownership of your data in the cloud — being able to set up, access, recover or move it — is your obligation, not Microsoft’s.

Here are the data level security which is of great concern:

Internal: 

• Accidental Deletion
• Malicious Insiders
• Employee Retention
• Evidence Tampering 

External:

• Ransomware
• Malware
• Hackers
• Rouge Apps

There are numerous reasons that why should you backup, here are the Top 6 reasons: 

1. Accidental Deletion

When an employee deletes data from their Mailbox, OneDrive for Business, or SharePoint Online but didn’t mean to, or if they change their mind later, it is called “accidental deletion”. This is not the same as malicious deletion. Despite awareness of the problem, this and other human errors are present across all types of businesses and up and down the power chain at every company. In other words, human error is still an unsolved issue for security teams everywhere.

2. Retention Policy Gaps and Confusion

Reason #2 is “Retention policy gaps and confusion.” Retention planning and execution can be confusing unless it’s planned, especially when several Office 365 workloads are involved. Leaving aside the odd phrasing of “fending off situational data loss,” the fact is that SharePoint Online is the only Office 365 workload that takes backups, so they’re right about limited backup. But that’s by a deliberate design decision to rely on the ability of software to construct robust data protection schemes, like Exchange Native Data Protection. 

3. The Teams Question

Backing up the Teams compliance records created in Exchange Online is not a Teams backup, no matter how loudly a vendor proclaims this to be true. Including these records along with other mailbox data is an imperfect and fundamentally flawed answer; the records are incomplete and can’t be restored into Teams chats or channels. It’s a better solution than depending on Teams compliance records, but it’s not a true backup and restore. Hence it is recommended to have proper backup solution for MS team.

4. Internal Security Threats

It’s true that someone with administrative permissions could attempt to remove or compromise data before they leave an organization. The “rogue admin” scenario is much beloved of backup companies, but the threat is less in the cloud than it is on-premises. Retention policies including those that can’t be amended by administrators can ameliorate the potential effect of someone who deletes all around them before they are escorted off the premises and features like Privileged Access Management can moderate the ability of administrators to wreak havoc on mailboxes. And confidential information can be protected against casual browsing by administrators by encrypting them with sensitivity labels.

5. External Security Threat

The prospect of users downloading infected files or succumbing to a phishing attack is very real. User training helps, as do good mail hygiene defences like Advanced Threat Protection or an equivalent email cleansing service, but threat of infection exists and can have horrible consequences. It’s worth noting here that SharePoint Online and OneDrive for Business both can restore files up to 30 days back and can cure an infection in this manner. Problems have been noted with these restores, but Microsoft has improved how the feature works since. No other Office 365 app has a point in time restore capability.

6. Legal and Compliance Requirements

The report raises the need to be able to retrieve information to satisfy legal or compliance requirements is another important reason. They note: “Microsoft has built in a couple safety nets, (Litigation Hold) but again, these are not a robust backup solution capable of keeping your company out of legal trouble” and trot out the prospect (again) of losing SharePoint data when a user account is deleted.