Common Mistakes with Microsoft 365 Backup

“My data is in the cloud, so it’s safe.” This is one of the most dangerous assumptions SME entrepreneurs make about Microsoft 365. In this article, we discuss common mistakes with Microsoft 365 backup and how to avoid them.

The big misconception: Microsoft backs up everything

Let’s start with the most important misunderstanding: Microsoft does take care of the infrastructure (that the servers run), but not your data.

Microsoft is responsible for:

• Availability of the service
• Physical security of data centres
• Infrastructure and hardware

You are responsible for:

• Your own data
• Access management
• Protection against user errors and cyber attacks

Mistake 1: Relying on the recycle bin

“If I delete something, I can retrieve it from the recycle bin, right?”

Yes, but with limitations:

After these periods, your data is permanently gone. There is no “call Microsoft support to get it back”.

Mistake 2: No protection against ransomware

Ransomware is one of the biggest threats to businesses. And here’s where it gets interesting: if ransomware encrypts your files, OneDrive neatly syncs those encrypted versions to the cloud.

You then have encrypted files on your laptop and in the cloud. Neither usable.

Microsoft does offer “version history” to go back to earlier versions. But:

• This only works for OneDrive/SharePoint files
• It can be labour-intensive with many files
• There’s a limit to the number of versions
• Ransomware can also delete versions

Mistake 3: Using email as an archive

“All my important documents are in my email, so they’re safe.”

This is problematic for several reasons:

Mistake 4: No backup of Teams data

Microsoft Teams has become the heart of communication for many businesses. But what exactly is stored, and where?

Data type	Location
Chats	Exchange Online / Azure
Files in Teams	SharePoint
Meeting recordings	OneDrive or SharePoint
Wikis	SharePoint
Teams configuration	No standard backup

The problem: this data is spread across multiple services, each with its own retention policy. An integrated Teams backup is not standard.

Mistake 5: Thinking compliance features are the same as backup

Microsoft 365 offers features like Litigation Hold, Retention Policies and eDiscovery. These are designed for compliance and legal matters, not for backup and recovery.

Mistake 6: No backup strategy for departing employees

What happens when an employee leaves?

If you then discover you need something from that mailbox… tough luck.

What is the solution?

A real Microsoft 365 backup strategy includes:

1. Third-party backup solution

2. Apply the 3-2-1 rule

For Microsoft 365 this means: original in Microsoft + backup in separate cloud + possibly local copy.

3. Test regularly

A backup you never test is not a backup. Do periodic restore tests to verify that:

• Backups are complete
• Restore actually works
• Recovery time is acceptable

4. Document and train

Ensure multiple people know how backups work, how to restore something, and who is responsible.

The cost of not backing up

Many businesses find backup “too expensive”. However, compare it with the costs of data loss:

• Lost productivity (recreating files)
• Legal risks (compliance data lost)
• Reputational damage (customer data lost)
• Ransomware ransom (if you have no alternative)

Conclusion

Microsoft 365 is a great productivity suite, but it’s not a complete backup solution. The responsibility for your data lies with you.

The good news: a good backup strategy is not complex or expensive. The bad news: many businesses only discover this when it’s too late.