The Limitations of Microsoft Office 365 Backup

Akins IT • October 19, 2016

Data loss and protection are two major concerns for businesses migrating to the cloud. The number one cause of data loss in SaaS is accidental data deletion: 70% of all lost data is due to accidental or malicious deletion by end-users. Microsoft Office 365 has industry-leading security measures, but there are limitations that will make you want to consider a third-party backup.


Outlook and Exchange Online: Retention Limitations


Microsoft offers multiple layers of protection to prevent end-user errors in Outlook and Exchange Online. E-mails deleted by users are moved to the user’s Deleted Items folder, where items remain for up to 30 days by default. Microsoft has recently introduced a new retention policy that allows admins to customize a longer or indefinite retention time for Deleted Items in Outlook and Exchange Online. This policy increases protection, but items can still be removed from Deleted Items if the user chooses to empty the folder. These items are then moved to the Recoverable Items Deletions folder, where the default retention period is 14 days. This retention setting can be customized up to 30 days. However, once an item exceeds the retention setting in Recoverable Items, the data is gone permanently.

Another issue to take into consideration is the process required to preserve mailboxes when a user leaves the organization. Before the user leaves the organization, a litigation hold or in-place hold must be placed on the mailbox to preserve its content. If a hold is not placed on a mailbox before it's deleted, then the mailbox contents cannot be preserved. Placing holds is also a premium feature that is not available in all Office 365 plans.
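One way to audit the two Exchange Online settings described above (Recoverable Items retention and litigation hold), as an added example that is not part of the original article. The function name `Test-MailboxRetention`, the sample mailboxes and the 30-day target are assumptions; only litigation hold is checked, not in-place holds.

```powershell
# Added example: flag mailboxes with a short deleted-item recovery window
# or without a litigation hold. In-place holds are NOT checked here.
function Test-MailboxRetention {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Mailbox,
        # Assumed target: the 30-day maximum the article gives for Recoverable Items.
        [int]$TargetDays = 30
    )
    process {
        # The value may arrive as a TimeSpan or as a string such as
        # "14.00:00:00"; normalise both to whole days.
        $days = ([timespan]::Parse([string]$Mailbox.RetainDeletedItemsFor)).Days
        $issues = @()
        if ($days -lt $TargetDays) {
            $issues += "Recoverable Items kept $days days (target $TargetDays)"
        }
        if (-not $Mailbox.LitigationHoldEnabled) {
            $issues += 'No litigation hold set before any mailbox deletion'
        }
        [pscustomobject]@{
            Mailbox       = $Mailbox.UserPrincipalName
            RetentionDays = $days
            OnHold        = [bool]$Mailbox.LitigationHoldEnabled
            Issues        = $issues -join '; '
        }
    }
}

# Constructed sample rows so the function can be run offline.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; RetainDeletedItemsFor = '14.00:00:00'; LitigationHoldEnabled = $false }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   RetainDeletedItemsFor = '30.00:00:00'; LitigationHoldEnabled = $true }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; RetainDeletedItemsFor = '30.00:00:00'; LitigationHoldEnabled = $false }
)
$sample | Test-MailboxRetention | Where-Object Issues | Format-Table -AutoSize

# Against a live tenant (ExchangeOnlineManagement module):
#   Connect-ExchangeOnline
#   Get-EXOMailbox -ResultSize Unlimited `
#       -Properties RetainDeletedItemsFor, LitigationHoldEnabled |
#       Test-MailboxRetention | Where-Object Issues
# Raising the window for one mailbox:
#   Set-Mailbox -Identity 'alice@contoso.example' -RetainDeletedItemsFor 30
```

With the sample rows, alice is flagged for both conditions, carol for the missing hold, and bob is not listed.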


OneDrive/SharePoint: Retention Limitations


Unless Document Versioning is turned on, OneDrive and SharePoint only store the most recent version of your content, not its entire history. End-users will be able to restore previous versions, but this does not protect against accidental deletion. Like Outlook and Exchange Online, OneDrive has a series of folders for protection. In these applications, deleted items are moved to the user’s Recycle Bin, where they stay for up to 93 days or until manual deletion. Once the item exceeds the retention period or is manually deleted, it is moved to the Site Collection Recycle Bin, where it can be recovered for up to 93 days. However, once an item exceeds the retention setting in the Site Collection Recycle Bin, the data is gone permanently.


Protect All Your Data: Back It Up!


Microsoft Office has these layers of protection on a default retention setting. Yes, the customizable retention settings offer more protection, but there are multiple downsides. First, the organization must stay aware of the evolving policies to ensure full protection. This can be time-consuming and inconvenient. Second, the ability to customize retention for Deleted Items is only available for Outlook/Exchange Online. The retention policies are inconsistent across the service applications in Office 365, which is also time-consuming and inconvenient. Users would have to go through a long process of searching multiple folders to recover one item. Lastly, these are not complete backup solutions; they are only meant to protect from data loss in a limited way. To ensure full protection, invest in a complete cloud-to-cloud backup solution. A third-party backup can offer enhanced protection of Office 365 data that features automated and daily backup, unlimited storage, and better, faster recovery options. In short, save yourself the hassle and back up with a third party.
