Cloud computing has revolutionized the use of software applications, removing the need for local installation. Microsoft Office 365 and other SaaS applications leverage the cloud, increasing accessibility and capabilities.

However, the data protection capabilities of Office 365 are greatly misunderstood, with many assuming that data backup and recovery is inherent in the application. This therefore has raised one important question: Are third party services actually useful in Office 365?

The answer…


Proper data backup and recovery systems ensure that the day-to-day functions of the business are properly maintained. Data loss can be costly, and it doesn’t matter whether the data deletion, corruption, or overwriting was intentional or malicious. Since Microsoft understands Office 365’s limitation, the company expressly recommends the use of third party SaaS backup and recovery applications in its service agreement.

It states:
“We recommend that you regularly backup your content and data that you store on the services or store using third-party apps and services.”

“Office 365 is a good offering that will satisfy a number of business requirements for security, archiving, data protection, encryption and other essential business processes, but it has some feature and function gaps that must be well understood before deployment. Many third-party solutions will do a better job at filling these gaps and should be evaluated and considered by decision makers.”

Risks mitigated by third party backup and recovery systems

1. User error data loss

According to a report published by IT Policy Compliance Group, user error is 75% responsible for all data losses experienced. This may seem a bit over the top, but it does carry weight. End users and admins may occasionally delete, overwrite, incorrectly sync, or even incorrectly save data. Whether it is intentional or accidental, the outcome is the same: data loss.

At times, it may take a while for the company to become aware of the loss, usually when the data is needed for a specific purpose. In some cases, the data loss is caused by a user with well-meaning intentions, for example an employee looking to clean or tidy up the company’s file system. They may delete, rename, or move files – mistakenly believing that their new system is cost efficient and a better use of the storage space. If the employee’s Office 365 account is deactivated, any chances of recovering the data is lost.

Solution  An effective third party data backup and recovery application is able to help the company overcome the following Office 365 limitations:

• Limited data retention capabilities: by providing frequent point-in-time backup and unlimited retention
• Limited recovery options: by enabling bulk and granular point-in-time data restores
• Slower recovery times: by meeting SLA requirements through options such as quick recovery and self-serve

With an effective third party backup solution, data loss through user error ceases to be a cause of sleepless nights.

2. Inadequate ransomware protection

Ransomware protection is a much-needed tool of trade, but it fails to account for attacks that originate from inside the premises. For instance, if an end-user inserts an infected storage device, or clicks on an innocent looking link, accurate recovery measures become of utmost importance.

Bulk-recovering lost data ensures that the company’s down time is kept at a minimum, preventing the company from completely ceasing its operations. Additionally, end-users are spared the frustration of manually trying to recover data – a time consuming and costly endeavor.

Solution  An effective third party SaaS application prepares the company to quickly mitigate the effects of a ransomware attack by:

• Quickly detecting the attack and pinpointing the infected files
• Restoring an entire folder structure quickly and easily
• Maintaining an independent copy of the data in an external location
• Providing accurate rapid-bulk point-in-time recovery

3. Non-Compliance due to limited data retention

Compliance with corporate data governance policies as well as state and federal regulations can be a challenge if you rely on Office 365. The application’s limited data retention fails to meet the retention duration and duration policies, as it only provides a maximum retention of 30-93 days and retains audit logs for 6 months.

This limited data retention period makes it difficult for companies to comply with regulations.

Solution  Implementing an effective third party backup and recovery applications will provide the company with:

• Unlimited data retention options
• Simplified retention settings
• Flexible audit history with unlimited data retention

A third party application helps the company to close the Office 365 data retention and compliance gaps, and ensures that the compliance requirements are fully met.

4. Limited eDiscovery and legal hold functionality

Compliance with eDiscovery and legal hold requirements is a sure way to avoid costly penalty fees. This means that any case-related data should be easily accessible, and protected from unintentional deletion.

Recovering this data from Office 365 may be tedious and time-consuming, and often requires IT specialists and end-user disruptions. While the higher priced Office 365 enterprise plans may offer legal hold capabilities, these are only limited to Office 365 data, making it impossible to recover other workload data.

Office 365 has limitations on speed, formats, and bulk recovery, and its default settings and retention policies may impede the company’s ability to access key content. Additionally, fast integration with eDiscovery tools is not provided in Office 365.

Solution  To meet the eDiscovery and legal hold requirements, the following should be considered while selecting a third party SaaS application:

• A comprehensive legal hold support with unlimited data retention
• Full and automatic collection of data across all workloads – not just Office 365 – without any employee disruption
• Faster export speeds, bulk custodian holds, and multiple file formats
• Easy integration with third party eDiscovery tools

Choosing a third party application that provides these functionalities ensures that the company’s legal team is always prepared for litigation.

5. Internal data threats

As employees leave the organization, some may intentionally delete, copy, or corrupt company files. With Office 365, it is unlikely that the company may be able to recover the lost files, and archiving with OneDrive is not enough.

With no certainty as to which files were affected, when they were affected, and for how long the malicious activity has been going on, it is impossible to find out the extent of the damage caused.

Solution  Implementing an effective third party data backup and recovery solution that:

• Constantly captures data (including deleted files and versions) and has continuous backups and unlimited retention
• Saves an independent copy of the data outside the Office 365 environment
• Effectively restores data sets back to the manager, or outside the Office 365 environment
• Conducts data investigations and forensic analysis using built-in search and analytics capabilities

Third party data recovery tools are essential for Office 365

An effective third party SaaS backup and recovery application is essential in a company as it helps protect Office 365 and other workloads’ data from threats such as accidental deletion, ransomware, file corruption, insider attacks, and non-compliance with data retention, legal hold and eDiscovery.

Closing the gaps in Office 365 – which Microsoft readily acknowledges– is a task best handled by third party SaaS platforms.