Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost.

There does seem to be confusion on what constitutes a Disaster Recovery plan, however.

While many systems have some form of data retention, they lack the necessary measures to be considered “disaster recovery”. This leaves security, compliance, and continuity all in question. Office365 is one of those systems.

What Office365 does

Office365 is a subscription-based service for Microsoft’s popular applications like Word, Excel, PowerPoint, and Outlook.

While Office365 uses language like “file-sharing and online storage” and “Microsoft-backed 24/7 Security”, at the end of the day, it is a singular system designed for Microsoft’s product line.

To present an example, as long as e-mails from Outlook are in an uncorrupted state, not deleted or purged beyond the unrecoverable period, and not beyond 3 years, you have your content. That is a standard retention policy for an active email system. But that sounds like a lot of conditions, am I right?

Likewise, collaborative platforms like OneDrive and SharePoint allow multiple users to access necessary documents. However, even those systems require a back up for catastrophic events.

Microsoft only provides any form of recovery under the following events:

  • Loss of service due to their hardware or infrastructure failure
  • Loss of service due to natural disaster or data center outage
  • Short-term (30-day) user-error with recycle bin/version history
  • Short-term (14-day) administrative error with soft-delete for Groups, Mailboxes or services-lead rollback

What Office365 doesn’t do

Under that same example mentioned above, if your email were to become encrypted via ransomware, that is not a situation in which Microsoft will support or recover.

Even in more common events, like an employee leaving, data that is lost in that user’s account is unrecoverable.

Microsoft does not support any of the following events:

  • Loss of data due to departing employees and deactivated accounts (outside retention period / delete and recovery periods)
  • Loss of data due to malicious insiders/hacktivists deleting content
  • Loss of data due to malware/ransomware
  • Recovery from prolonged outages
  • Long-term accidental deletion coverage with selective rollback

Where a Disaster Recovery Plan kicks in

A true data backup functions in one of three ways; an image backup, file and folder backup, or infrastructure redundancy.

Backups succeed by offering a replicate of your data, separated in a geographically different, unconnected storage so if you needed to recover any email or even rebuild the entire email system, you could from the last back-up.

You can’t have a disaster recovery and continuity of business policy without a back-up solution.

And Office365 is not a back-up solution or disaster recovery plan.


Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Top 15 Benefits of Managed IT Services

Top 15 Benefits of Managed IT Services

When running a business, information technology (IT) can be complex, time-consuming, and essential. However finding, hiring, and training qualified IT staff members has become more difficult than ever. With long hiring periods due to the specialization of the role,...

read more
Should You Hire an Enterprise IT Architect?

Should You Hire an Enterprise IT Architect?

Information technology (IT) is a crucial component of any enterprise, as it touches every digital aspect of a company ranging from computer systems to payment processing. Various software tools and know-how are needed to keep IT architecture operational, whether using...

read more