Continued from blog post: How to back up Microsoft Teams
As I said, if you want to back up Teams, you should also back up Office 365. There is no way around. People often think that once we use cloud applications and store our data there, we no longer need to worry about anything else. It is partly true – if you use a ready-made application as a service in a cloud, you do not have to worry about software updates, patching, hardware maintenance, power cuts, etc.
I believe that as Microsoft takes care of such service management tasks, many people think that they do not have to worry at all, and that backup is probably also included in the service and their data is protected in every way.
Another reason why people do not think about backup of Office 365 is that for a long time there was no good solution for backup of cloud services. Most of the backup solutions were still designed for on-premises servers.
In any case, we have learned that it is vital to back up data located in Office 365 – especially if you use Teams.
In fact, there are at least 6 important reasons to back up Office 365 data:
1st reason: inadvertent deletion
The first reason why Office 365 backup is important is that a user can inadvertently delete data that was actually necessary. For instance, they can accidentally delete necessary contacts or files. We know that it may happen to on-premises data, and it may just as easily happen in the cloud. A user may also overwrite right data with wrong one. And if that happens, it must be possible to restore user data.
The good news is that Microsoft enables recovery of inadvertently deleted data. If a user inadvertently deletes a file in OneDrive, it is possible to use OneDrive Recycle Bin to recover the file. Also, if a user inadvertently deletes an e-mail they need, they can recover it from the Deleted Items folder.
These options help but they are not perfect. Firstly, the users may not even know that these options exist. Secondly, Office 365 stores deleted data only for a certain period. When the period has passed, the data is permanently deleted and there is no way of recovery other than from a backup. And it is worth mentioning that the recovery mechanisms that Microsoft offers may not be of help if the data is overwritten.
Thus, to sum up, it may be said that the recovery means built into the service of Microsoft work up to some point, but they are not comparable to a full backup solution.
2nd reason: legal and compliance requirements
The second reason why Office 365 backup is necessary is that it is very difficult to follow storage rules without it. Some companies are required to or need to store data for a certain period. Initially there were such rules for emails, but they may also apply to Teams. We also know that it may result in financial penalties if we cannot ensure it.
It is true that not all companies are required to store data, but a company may have an internal agreement of data storage. A company may wish to preserve data until it reaches a certain age limit. Such an agreement may protect a company from malicious users and legal hassle.
The best way to make sure that data has been stored pursuant to regulations or business requirements is to back up data and assign relevant data retention policies to backup. Then it is certain that the backed-up data is also stored for the required period.
3rd reason: complicated retention policy and its drawbacks
The third reason to back up the Office 365 environment is complicated retention policy.
In the previous section, I briefly mentioned that some companies are required to store data and other companies store data based on internal agreements. Regardless of the reasons why data retention policies have been established, it is rather complicated to apply those.
The main reason why data storage is complicated is that there is no central solution across a company for management of retention policies. Let’s think about it for a moment. For instance, a data retention policy designed for a business-critical application has no connection to services like Microsoft Exchange Online or SharePoint.
The problem is that as we cannot implement and manage central data storage rules across different applications, there are bound to be inconsistencies and errors. It is very difficult to detect whether data storage rules are switched on in all the applications and data sets of your company, whether the data retention policies have the same duration, etc.
Here it may seem that data retention policies are not at all related to backup of Office 365 and Microsoft Teams. But let’s recall what we already discussed – Teams stores its data in different Office 365 services.
A good backup solution helps you follow data storage rules. If you set up Office 365 backup as a complete solution, all Office 365 data is stored to a central location determined by you. It means that your backup includes the data of Exchange, SharePoint, OneDrive and other Office 365 services and applications – all the locations where the Teams data is stored are backed up. And this is the catch – as the backup is a storage of so different types of data, you can establish data retention policy rules for the backup, which aligns the data retention policy with the agreed rules.
4th reason: internal security risks
One of the reasons why it is important to back up your Office 365 environment is that backup is a protection mechanism from internal security risks.
There are different internal security risks but as a rule those are associated with users who have malicious intentions. We all know stories of employees who have been or are in the danger of being fired and who delete large amounts of data before they leave. And I have also heard of employees who are not happy with their companies and start to damage IT systems on purpose.
Of course, it is not possible to prevent internal security risks 100%. We cannot predict when someone might become malicious. We may sense and see signs of malicious intentions, but it is very difficult to predict what someone might actually do.
One of the most important things you can do to manage the internal security risk is to implement a good backup solution and create a recovery plan. Backup does not exclude the possibility that one of the employees harms your data in some way, but it gives your company a possibility to fix the situation if something like that should happen.
5th reason: external security risks
Just like security risks may be caused internally by a malicious employee, security risks may also originate from the world outside. People are probably well aware of such risks, I mean hacking, ransomware, etc.
The only way to protect yourself from ransomware attacks is to implement a Zero Trust information security model in the company. Unfortunately, the Zero Trust model is not suitable for all the companies, as it may hinder business processes and the way people are used to doing their daily work.
The best way for a company to deal with external attacks is to apply defence in depth. This means implementation of a series of mutually supplementing or overlayed defensive mechanisms in different layers or dimensions, and to reach the protected assets, the attacker must break through all of those. If an attacker or malware penetrates one protective layer, another defensive mechanism helps to prevent the attack or minimise loss.
It is vital to have a good backup strategy to manage external security risks. Your backup copies are the last line of defence and play a very important part in returning the situation to normal in case of successful attacks.
For instance, think of a situation where your data is encrypted by ransomware. If that happens, you usually have to options: you pay ransom to get your data back or you recover a backup. Paying ransom is generally not a good idea. It further encourages the attackers and there is in fact no guarantee that you will recover all your data. It is better to have a possibility to recover your data from a backup, not be forced to pay ransom.
6th reason: management and migration of hybrid environments
The sixth situation where Office 365 backup is important is when a hybrid environment is used. For instance, the emails of some Teams users are in an on-premises Exchange Server and some in Office 365 cloud. Does it make sense in such a situation to only back up the mailboxes of on-premises users? I remind you that not only e-mails but also the Teams data is stored in mailboxes.
Ideally, a company should use a similar backup solution both for the cloud and on-premises for protection of their data.
Backup also helps in case of migration or accidents – when the on-premises Exchange Server stops working for some reason, the backup data can be used for moving the former on-premises mailboxes quickly into the cloud.
The best reason why you should back up your Office 365 environment is perhaps the fact that Microsoft presumes that you do it. Office 365 is created based on the principle of a shared responsibility model. The idea of the model is that Microsoft on the one part and the Office 365 client on the other part both play a role in the operation of the service.
The main role of Microsoft is keeping the infrastructure of the Office 365 service in operation and protecting it. They ensure smooth operation of the hardware and operation of the Office 365 services. They also take care of tasks related to current service management like upgrades and management of security patches. Accordingly, Office 365 customers are expected to take responsibility for backup of their data, including Teams data. If anyone in your company inadvertently deletes a file from Teams, you cannot call Microsoft and request recovery of the file. It is your job to back up your data and recover it if necessary.
Recovery of Teams data
To be able to recover Microsoft Teams data, we must first consider three things – Recovery Point Objective (RPO), i.e., the moment from which data can be recovered, Recovery Time Objective (RTO), i.e., the time during which the data will be recovered from the moment of the incident, and thirdly, backup solution capacity.
Backup solution capacity
Backup solution capacity is very important for Microsoft Teams. As we discussed before, Microsoft Teams data is distributed to various locations, including Exchange, SharePoint, and OneDrive for Business. Considering how Office 365 stores Teams data, the Office 365 backup solution should be capable of backing up all the data even remotely associated with Teams.
The good news is that Microsoft recently launched a new API for Teams. The API provides a possibility for backup solution providers to back up and restore Teams directly from the source data.
To understand the importance of this API, let’s compare the backup and recovery of Microsoft Exchange and Microsoft Planner. Both are Office 365 cloud services but most of the backup solution providers only support the backup and recovery of Exchange from source data. But I do not know anyone who would currently offer full backup service for Microsoft Planner.
At last, the new backup API of Microsoft gives a possibility for backup solution providers to offer a fully functional Teams backup service. We must consider that as the API is rather new, all service providers have not yet managed to integrate it into their Office 365 backup service.
Nobody wants to start a court dispute but if someone should use legal measures against your company, it is of critical importance to use a reliable eDiscovery solution.
eDiscovery helps to identify and find from the system all documents and other data potentially associated with a given case. It also helps to follow the requirements of GDPR.
The Microsoft Office 365 service does have a built-in eDiscovery service through which an authorised person can look for the necessary information. As for Microsoft Teams, the eDiscovery tool can find a chat, channel chats, files, meeting information and call information.
Office 365 eDiscovery possibilities are of great help, but they are not perfect. Office 365 contains a functionality called Legal Hold which makes it possible to give the documents identified by eDiscovery the status ‘on hold’, preventing deletion. But the problem is that once we delete the account of a user, their Exchange mailbox is also deleted, even if it has been placed in legal hold. Remember: Microsoft Teams stores quite a lot of data in Exchange mailboxes, and if an Exchange mailbox is deleted, it also deletes any Teams data in the mailbox.
Backup solutions have not been designed to fulfil the tasks of eDiscovery. But even so a backup application may have an important role in finding data, and its possibilities in that role may be better than those of the tools built into Office 365.
Why do I believe that? Think about what usually accompanies the eDiscovery process. If a company is required to submit certain documents, the first thing to do is to find the required documents using the eDiscovery interface. Once the search is complete, all the documents will be placed in legal hold, so that they cannot be changed or deleted. And the last step in the process is usually exporting of copies of the documents so they can be shared with those requiring them.
Please think how a good backup solution could accomplish those tasks. Even if a backup solution is not designed to accomplish the task of eDiscovery, a good backup solution has a search interface helping the administrator to search for data that has been backed up. Thus, the administrator can use the backup for eDiscovery. The backup solution for Office 365 and Teams should be also capable of finding the data that the built-in Office 365 service cannot not find.
Naturally, the administrator is not the only person who may need to find something. Backup search may also be useful for the end user. There are often situations where someone has sent you a document or file and you cannot find it. Did they send it by e-mail? Did they share it through SharePoint? If you give the end user access to backup search, they can quickly find the lost file.
As discussed before, as a rule, after a document is identified, it is placed in legal hold. Backup solutions usually do not have a legal hold functionality, but you have a possibility to assign a data retention policy to your backup. If it is necessary to store the backup data indefinitely, you can assign an indefinite retention policy. Depending on the logic and architecture of your backup there is an additional possibility to store the necessary data on tape, then you have actual data that does not expire.
Here, you should remember that legal hold does not simply protect data from deletion, but also protects data integrity, i.e., does not allow to change the data. Copying data to tape also ensures that this requirement is satisfied.
Many modern backup solutions also support data immutability in the backup. Data immutability is very important for protection against ransomware. Some ransomwares target namely backups of companies. If the ransomware manages to encrypt a backup, the company has no other choice but to pay ransom to recover their data. Thus, many backup solution providers offer that in their service to prevent changing of data by ransomware. The same immutability helps to protect data if there is a need to apply legal hold.
Finding and sharing backup data i.e., eDiscovery. A backup solution is a good way to do that. You can choose which document should be recovered and where it should be recovered. The recovery process is rather like the one that eDiscovery tools use for exporting data. The difference between a backup solution and eDiscovery solution is that a good backup solution enables you to export data in different formats suitable for you. For instance, .ZIP or .PST format, etc.
Why the existing solutions are insufficient
There is a multitude of backup services and solutions on the market, and it may seem an impossible task to choose the right one for Office 365 and Teams backup. I will not recommend any particular one to you here, but I will point out some things to consider.
Firstly, make sure that the backup software is designed for Office 365 backup. Technically, it is possible to back up a part of Office 365 data using backup software that has no Office 365 backup support, but it is not the best option. Secondly, make sure that the solution, in addition to Office 365 backup, also supports Teams backup. Some backup solutions designed for Office 365 backup do not fully support Teams backup in its full meaning.
A backup solution must be easy to use. I have noticed that some solutions that promise to back up Office 365 are complicated enough, particularly during the recovery process. Thus, complicated solutions are of no help here. A simple and transparent user interface also reduces the risk of something being incorrectly set up, and thus the potential of data loss is lower. And recovery in particular must be as simple and fast as possible, so that the data would be in the right location and quickly reusable.
Finally, make sure that the solution is independent of the data storage destination, i.e., you can freely choose the location of backup data (either an on-premises disk, cloud or tape). And the backup solution should support hybrid environment. In principle, there should be no difference whether the data to be backed up is in an on-premises server or Office 365 cloud and on which media you have the data to be backed up. You should be able to use the same user interface for backing up both environments and if necessary also recover data from one environment to another.
What to consider
Microsoft Teams is a little different application as its data is stored in different locations. One might easily think that the Teams data is somewhere in an SQL database but in fact it is distributed between various Office 365 services. Thus, if you want to back up Teams, you must back up different components where the data is located (e.g., Exchange, SharePoint, and OneDrive) and the capacity of the backup software must be able to bring this metadata together.
Office 365 backup is important. Microsoft will not back it up for you! The backup of Teams data associated with other Office 365 services is your responsibility. For that, you will naturally need a reliable Office 365 backup solution with built-in Teams backup support.
Read more from the blog post: How to back up Microsoft Teams