Back It Up: Tips for Ensuring Data Loss Protection with Microsoft 365 

By the end of 2022, over a quarter of all high-paying jobs are expected to transition to remote or work from home, and remote work will likely grow across all economic sectors in the coming years. To support staff working remotely as well as in-office staff, companies are adopting suites of collaborative apps and programs like Microsoft 365. This collaborative tool includes everything from Teams, a dynamic communication workplace, to the classic office collection, including Word and Excel. Complex and integrative suites like Microsoft 365 generate an immense amount of data that many companies are keen to protect and secure.

Microsoft 365 does not provide backup ability to its users but does have retention policies that users can enable to retrieve lost or corrupted data. However, these retention policies can sometimes be limited in scope, and some sets of data are not retrievable or covered by any retention policy at all. With the rise of ransomware and malware and the flow of employees into and out of the office—whether physically or virtually—controlling data can get tricky. It’s crucial that Microsoft 365 users understand what data they can retain, how long Microsoft retains it, and what to do if no retention policies are available.

Who Uses Microsoft 365?

As of 2021, about 38% of the office suite technology world used Microsoft 365, and a little over 55% used Google G Suite. But there’s every indication that the numbers may be on their way to balancing out, especially with the widespread adoption of Microsoft Teams, a collaborative workspace that interconnects with Microsoft’s other applications. In 2020, Microsoft Teams grew by 894% just between March and June. Over 731,000 companies in the U.S. use Microsoft 365 for both in-office and remote work.

What Is the Microsoft 365 Data Retention Policy?

Microsoft has put data retention policies in place to help companies manage some portions of the data that users generate. These retention policies are in place for several reasons:

  • For compliance with industry regulations
  • To reduce the impact and liability resulting from a security breach
  • To ensure employees can access all relevant data needed to complete projects effectively

Users can apply retention policies or retention labels, and it’s critical to understand that these are not the same thing. Policies are rules that govern all of the documents and data, although there are some exceptions. Labels determine how users want to handle individual pieces or types of data. Users can make label applications automatic or manual. Microsoft 365 users can even combine retention policies and labels for a totally customized data retention method; however, even when applying both of these methods, companies may still not be able to retain all of the data they generate.

One of the biggest issues with retention policies and labels is that these actions are not the same as a full data backup. In fact, Microsoft 365 focuses on maintaining a high-level service-level agreement (SLA), rather than targeting the underlying data. Microsoft 365 actually recommends that users seek a third-party service like SkyKick Backup to ensure data is protected with a reliable backup solution.

When to Use Retention Policies in Microsoft 365

Applying a retention policy is more efficient if users are retaining or deleting a block of data, such as all documents in SharePoint. Retention policies can apply to multiple locations or a specific location. While policies can cover data in more areas than labels, users cannot manually apply them, and a policy will not persist if a user moves the item, making a third-party SharePoint backup critically important. Users can combine retention labels and policies to create a data retention and deletion network customized to internal and industry regulations, but retention policies are not adequate data management on their own.

When to Use Retention Labels in Microsoft 365

Retention labels can be helpful when companies must hold specific data for a specified period of time for legal reasons. For example, companies have to retain certain tax documents for a certain amount of time, so users can go into settings and apply labels to document files to ensure they are correctly retained. Users may also apply retention labels for data related to employees that have left the company, work visas, or other sensitive data. Unfortunately, these native retention tools that Microsoft offers are not the same as a backup system. Additionally, retention tools like Archiving, Legal Hold, and Data Redundancy can be complicated to use and limited in functionality, as well as costly.

Retention Label Limitations

Users should note that retention labels do not apply if the data is moved outside of Microsoft 365. Another potential drawback is that data saved with retention labels is not all saved in the same location. Users can only apply a single retention label to a document or email at a time; there cannot be any overlap. Users cannot apply retention labels at all to certain data, including messages generated by Teams or Yammer. If a user has generated multiple auto-apply labels, the oldest label will apply. Finally, once users apply retention labels, it can take up to seven days for the settings to apply to the targeted content.

Microsoft 365 and Data Loss

Data control and security are essential aspects of data management for companies, as security breaches are on the rise. A recent report from Egress found that Microsoft 365 may be especially prone to security breaches, especially concerning email data. The average cost of a data loss incident is $3,957, but breaches can and often do cost far more. The issues seem to stem not from the software platform but from user error. As more and more employees transitioned to work from home, security breaches rose—IT experts reported that more than two-thirds of security breaches were because of working from home. Microsoft 365 users are more likely to share sensitive data via email by mistake than those using another office suite. As more companies integrate a hybrid model of remote and office workers, the need to secure data with an Office 365 backup is more urgent—and more challenging—than ever.

Securing Microsoft 365 Against Data Loss

More and more companies are moving to Microsoft 365 despite security breach concerns because of the high level of functionality and integration. To ensure compliance with industry and governmental regulations as well as reduce data breach costs, companies are looking for ways to manage data beyond the retention policies and labels built into the suite. The retention policies in Microsoft 365 are limited in scope, and users can only retain some of the information for short periods of time. Since the average amount of time that lapses between some sort of data compromise and detection is 140 days, the data could be beyond reach and unrecoverable by the time a company realizes what has happened.

Better Breach Response with Cloud Backup

Retention policies just don’t do enough to create the data security that companies need. User error, malware, and compliance issues mean that companies must implement a more robust backup solution. Microsoft 365 backup services can go beyond retention policies and adapt to newer applications like Microsoft Groups and Teams. Microsoft 365 data covered by retention policies counts against the storage amount for the plan level that companies purchase, and that storage can fill up quickly. Companies must then purchase more storage or risk losing essential data. A Microsoft 365 backup service like SkyKick can offer unlimited storage, so companies can save all of the data they need.

Retention policies have many limitations that make them an inadequate solution for companies. Deleted data can disappear permanently in as little as 14 days, so data unintentionally deleted could be gone for months before someone realizes it’s missing. Microsoft 365 does not offer point-in-time restore or the restoration of emails and other mailbox information. Microsoft 365 provides many ways to store data in the cloud, but this can create dependency without redundancy. A SharePoint backup and other methods of restoration can significantly reduce system performance. A third-party cloud backup can offer data storage that isn’t governed by time or storage size restrictions. It can also make the data retrieval process much faster, meaning that companies can continue to drive productivity. While understanding what Microsoft 365’s retention policies and labels can do is critical, users also need to understand the limitations so they can safeguard against costly data loss.

SkyKick helps IT solution providers build more successful cloud businesses. Their SaaS products and platform are designed to make it easy and efficient for IT partners to migrate, back up, and manage their customers in the cloud. Protect your data with a proven backup solution today.

Sources

https://www.bloomberg.com/news/articles/2022-01-04/remote-work-opportunities-in-the-u-s-seen-growing-this-year
https://www.statista.com/statistics/983321/worldwide-office-365-user-numbers-by-country/
https://www.techradar.com/best/best-online-collaboration-tools
https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide
https://www.techtimes.com/articles/260112/20210511/egress-reports-85-microsoft-365-users-affected-data-breach.htm
https://f.hubspotusercontent30.net/hubfs/2047087/WhyM365NeedsABackupSolution.pdf
https://docs.microsoft.com/en-us/sharepoint/administration/best-practices-for-backup-and-restore
https://hostingtribunal.com/blog/microsoft-statistics/#gref