No Good Answers for Office 365 Backups

Tony Redmond

by Tony Redmond on 7/26/2016

Share this:

Article Details

Date Revised:

Applies to:
Azure Active Directory, backup, cloud backups, Exchange Online, Native Data Protection, Office 365, office 365 groups, Office 365 Video, ransomware, SharePoint Online

Vendors of backup software often focus on the data belonging to a single application. That’s OK in the world of on-premises software, but it’s an approach that does not work for Office 365 where new applications use components drawn from multiple workloads. Traditional backup and restore approach is inadequate Office 365 Groups and Office 365. The lack of appropriate APIs to stream data in and out of Office 365 is also a concern. But the real question is whether cloud backups make sense.

One of the most common questions I get from people who are in the process of moving workload to Office 365 is about the backup strategy they should follow to protect cloud data. The question is predictable because on-premises administrators have long been coached (or harangued) to ensure that data is backed up on a consistent and predictable basis, preferably with some on-site storage thrown into the mix.

Backups are good, or so the mantra goes, because they protect companies against the vagaries of software and hardware bugs and provide a means to recover data if an administrator “goes rogue” and begins to delete information with abandon. Certainly there is much truth in these assertions, even if the rogue administrator is seen more often in the eyes of earnest representatives of those selling backup products than reality.

Of course, software and hardware bugs do exist and some of those bugs wreak havoc on data. However, the fact is that the software and hardware that is available today is better than ever before and doesn’t mess data up as much as happened ten or fifteen years ago. The much lower cost of storage means that it has become feasible to maintain multiple copies of data. The success of the Database Availability Group (DAG), introduced in Exchange 2010, is one example.

In fact, my belief is that the most common use of backups today is possibly to recover data erased due to user error. Software vendors do their best to incorporate functionality to help users recover from their own errors without the need to resort to a backup, but hey, life is flawed and imperfect and people make mistakes. The threat of ransomware and how to recover affected files is another issue that I often hear about.

All of which brings us back to the topic of backups for Office 365. Many vendors will be delighted to sell you a backup service for an Office 365 tenant, but before you write a check, we should discuss some essential facts.

First, there are at least five data sources that you need to consider when thinking about Office 365.

  • Exchange Online: For mailboxes, public folders, and so on.
  • SharePoint Online: For team sites and users’ personal OneDrive for Business sites. SharePoint Online also provides document libraries for Office 365 Groups and storage for Office 365 Video channels.
  • Azure Active Directory: For details about Office 365 accounts. Note that individual workloads have their own directories. For instance, Exchange Online uses EXODS to hold mail-related attributes for mailboxes and other objects.
  • Azure Media Services: The transcoded versions of videos uploaded to the Office 365 Video Portal are held and delivered to players from this service.
  • Azure Data Services: Used to hold information about a variety of services, including the metadata for plans created with Microsoft Planner.

Based on your usage of Office 365, you could include other repositories such as Yammer and Sway. The array of different data repositories and the connections that exist in the data used by different applications mean that contemplating backups is far more complicated for Office 365 than it is on-premises.

Second, Microsoft uses different backup regimes for different applications. Exchange Online uses Native Data Protection and Microsoft never takes backups of mailbox databases. The essential idea is that the standard 50 GB mailbox quota allows users to keep as much as they want for as long as they want. Backups are taken for SharePoint Online, but you have a limited time and some loops to go through if you need to ask Microsoft to recover data.

Third, most backup products take an application-centric view. For instance, if you worry about SharePoint data, your focus might be directed to site collections. However, you can’t make the assumption that all the data you need for a certain application is held in one place or another. Office 365 Groups provide a good example – group mailboxes are in Exchange Online and group document libraries and the shared group notebook are stored in SharePoint Online.

Therefore, to recover a deleted group, you need to extract data from two places and make sure that the restored data goes into the right place. And if the Office 365 Group is associated with a plan managed by Microsoft Planner, you’ll have to recover the plan metadata too. Another example is in Office 365 Video, where SharePoint Online has a separate site collection to hold the source videos for each channel but the actual transcoded videos are managed by Azure Media Services. Microsoft Stream simplifies this structure by storing everything inside Azure.

Although many backup products are available that are capable of dealing with individual elements (for instance, CloudAlly SharePoint Online Backup or AvePoint DocAve Online), I don’t know of any backup product that has yet embraced the development fabric that exists within Office 365.

It is understandable that backup vendors have taken the same approach to Exchange Online and SharePoint Online as they do for the on-premises versions, but it’s a shame that no one puts all the bits together to reflect the reality that exists within Office 365. I have some sympathy for the backup vendors because Microsoft is pumping out new functionality and features for Office 365 very quickly, but it’s surely not impossible to come up with the capability to backup and restore the data created and used by the new features in some reasonable period. After all, Office 365 Groups were launched in November 2014.

Taking backups is child’s play when you control everything in an on-premises environment. Backup processes and procedures are well understood and tested and the APIs and appliances that are used have been around for years. It’s very different in the cloud. The target is likely to be another cloud operated by the backup vendor (for example, Barracuda Cloud-to-Cloud or Spanning Backup for Office 365), that might complicate the situation in its own way, especially in terms of data residency.

Another issue is that the APIs that are available to backup vendors to access Office 365 data are not designed for backup operations. In most cases, they are client APIs (like Exchange Web Services) that are being used because no other choice exists, so limitations in terms of throughput and scalability might be encountered.

Given the obvious differences that exist between cloud and on-premises environments, it’s unsurprising that a new approach to backups is required for companies who move to Office 365. What I’ve learned over the last five years is that attempting to replicate backup processes used inside traditional on-premises environments for cloud applications is seldom a recipe for success.

If you are in the market for a backup product to help protect your Office 365 data, ask vendors some questions before making any commitment to a product. For example:

  • What exactly does the product back up in terms of data? How scalable is the product in terms of being able to handle the overall data for the tenant?
  • Where is the backup location and does it meet the same security and data residency requirements as your Office 365 datacenter region does?
  • What can be restored? Can complete Office 365 applications be restored or only the files? How quickly can data be restored and can the operation be controlled by the customer or does it have to be executed by the backup provider?
  • What common restore conditions does the product handle? For example, if your tenant is attacked by ransomware, how can the product help you to recover user files?
  • When and how are backups taken?
  • How much does the backup cost per user per month? On what basis is the cost calculated (per user, per gigabyte, per site, per mailbox?)

Many of the backup vendors offer free trials of the product. Before committing, you’d be wise to test a couple of different products to ensure that cloud backups are worth the expense.

Office 365 is a challenging environment for backup vendors. The old ways of accessing and protecting data are gone and they’ve lost a lot of control that they once had over how backups were taken and processed. Perhaps it’s time to ask whether backups are still required for your tenant. If you decide that backups are needed, look for a vendor who can handle the complexities of Office 365 with a minimum of fuss.

You can follow Tony Redmond on Twitter: @12Knocksinna.

Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.

Topic: Business Strategy

Sign in with

Or register

  • Office 365 Mailbox Backup Tool
  • Thanks for sharing such useful information. I would like to share an easy to use tool to create backup of Office 365 Mailbox in different file formats. Amazing solution ... You should try this once.

  • you have the StorageCraft Office 365 Backup
  • Hi,
    Thanks for sharing this informative blog with us. Like you mentioned rightly, there are various tools that does not justify the meaning of O365 Backup completely. Our organization struggled a lot to find the perfect solution. We have used SysTools Office 365 backup. It is quite what we need for migration. To know about the tool, their company link is as follows:

    Office 365 Backup Tool

    Best Regards.
  • We''''ve got this thing called ''''Bewaarplicht'''', where you have to keep a copy of all critical data for 7 years. Now let''''s say someone deletes one of those documents, but only realizes it after 2 months nothing protects you from that scenario unless you have a backup. IMHO if you''''re a real company, the cloud isn''''t for you.