NAKIVO > Blog > Microsoft 365

Comprehensive Guide to Backing Up Office 365 Emails

Published: November 26, 2024

Written by: NAKIVO Team

Do you regularly back up Office 365 emails? If not, there’s bad news. Even cloud giants like Microsoft can experience outages and disruptions. And contrary to popular belief, Microsoft holds your organization responsible for any data loss due to these events. Moreover, according to Microsoft’s Shared Responsibility Model, protecting all your data within Microsoft 365 infrastructure is solely your responsibility.

This post explores native Microsoft features and third-party tools that can be used for Office 365 email backup. The post can also help you choose the perfect backup solution based on your organization’s requirements.

Backup for Microsoft 365 Data

Backup for Microsoft 365 Data

Use the NAKIVO solution to back up Microsoft 365 data in Exchange Online, Teams, OneDrive and SharePoint Online for uninterrupted workflows and zero downtime.

DISCOVER SOLUTION

Why Back Up Office 365 Emails?

You may need Microsoft 365 email backup for different reasons, which mostly fall under three categories.

1. To prevent data loss and corruption

Possible causes: cyberattacks, human error, software and hardware failure, improper data management, Microsoft 365 subscription cost (storage limits)

In its Shared Responsibility Model, Microsoft states that users are fully responsible for the security of their data, including O365 email backup, malware protection and access management. And even though Microsoft provides features that can enhance data security to some extent, they can’t replace data protection and antimalware software.

A dedicated solution can help ensure data protection and cybersecurity best practices, which is not possible with Microsoft native tools alone.

2. To ensure operational resilience and minimal downtime

Possible causes: cyberattacks, outages and disruptions

Microsoft takes responsibility for the availability of its services, but the ball is in your court when it comes to your organization’s data and its impact on business operations. In other words, if cybercriminals corrupt data critical for your business or attack your production server, the disruption and disaster recovery are solely your responsibility.

Hardware and software failures happen to everyone, even to such giants as Microsoft (let’s take the almost 6-hour cloud outage in January 2023 as an example). In such cases, you risk losing all your data without a backup copy stored outside the Microsoft infrastructure.

3. To comply with legal requirements

Microsoft offers retention policies, litigation holds and eDiscovery to simplify legal compliance. However, this may not be enough to fully comply with European regulations like GDPR or the upcoming DORA, which set strict data protection and recovery requirements.

Overview of Microsoft 365 Backup Options

Quick Summary of Native Backup Features

Does Office 365 backup emails? All Microsoft 365 native tools are primarily designed for compliance and data management, and they don’t amount to a comprehensive backup solution. However, Microsoft has announced that their new functionality, Microsoft 365 Backup, a preview of which has been available since 2023, will be generally available in the middle of 2024.

With Microsoft 365 Backup, users will be able to back up Exchange mailboxes and perform full or granular recovery. However, all backup data seems to reside within the Microsoft 365 infrastructure, which does not align with data protection best practices.

As for now, the following features, which do not constitute Microsoft 365 email backup, can be used:

  • Email forwarding. You can automatically forward all emails to another (spare) account to create an exact copy of the primary mailbox. However, the other account can be hit by a cyberattack just like the primary one. You can also run out of space in the blink of an eye.
  • Export in .PST. This option is suitable for a one-time operation but not when you have hundreds of user mailboxes. As an admin, you can end up exporting data manually for each account, as there is no automation option.

More advanced features include the following:

  • Archive mailboxes (In-Place Archiving). The main difference between archiving and email backup is that when emails are archived, they are simply moved to another folder, and no data copy is created automatically. You can use this tool to optimize storage space or to separate old emails from the primary mailbox. However, by default, there is a storage limit of up to 100GB. Besides, both archive and primary mailboxes can be subject to cyber threats.
  • Retention policies and labels. Microsoft 365 retention is designed for long-term lifecycle data management, mainly to control the storage size rather than to ensure that you have a clean copy of your data for disaster recovery. When you are configuring the policy or labels, you choose the period during which the content should be retained before removal. With a hold applied, the content remains in the original location, but if someone edits or deletes Exchange mailboxes, a copy is automatically retained in the Recoverable Items folder, and this copy can be used to recover deleted Office 365 emails.
  • eDiscovery and Litigation Holds. These types of holds are designed for retention for a limited time only of content related to a case and that may be requested by legal authorities. Microsoft doesn’t recommend using eDiscovery for long-term data retention. The feature is not designed for recovery but rather to help ensure that the content stays in place till needed, regardless of any other applied retention rules.

Note that archiving, retention policies and labels, eDiscovery and Litigation Hold are part of the Purview portal and available for Business Premium or Enterprise plans starting at plans E3 and higher. At the moment of writing this post, subscription prices are $22, $33.75 and $54.75 per Microsoft 365 user for Business Premium, E3 and E5, respectively.

Meanwhile, a third-party backup solution like NAKIVO Backup & Replication would only cost you $0.80 per Microsoft 365 user.

Limitations of Native Office 365 Backup Options

The main limitation of Microsoft native tools is that they are not equivalent to a proper backup solution and cannot replace one. Let’s explore in more detail why this is the case.

Neglecting data protection best practices. Along with data backup and archiving, your data protection strategy should include the following:

  • backup storage tiering (the 3-2-1 backup rule) to strengthen data resilience and recoverability
  • cyber security measures, including end-to-end encryption and access control to data protection activities and backup data
  • immutability and air-gapping techniques for more reliable protection against ransomware and other cyber attacks
  • business continuity and disaster recovery plans

And this is where native tools fall behind, as they lack the necessary features for robust data security and resilience against cyber threats.

Administrative hassle. Microsoft native tools are far from a simple one-click solution when it comes to archiving and recovery. In most cases, admins need to manually configure retention rules and ensure those rules are applied before deleting a user. The best part? These rules can take up to 7 days to be applied to user data. Otherwise, all data can be deleted for good.

The Litigation hold and eDiscovery features are overcomplicated with many steps and conditions that only an experienced administrator can handle. The configured rules can overlap, expire or go wrong due to human errors.

Time-limited recovery. Without a retention policy, the recovery time is limited to 14 days by default or a maximum of 30 days if you tinker with settings. After that, you can no longer recover a deleted email or mailbox.

No point-in-time recovery. Whatever native tool you may use, Micorosft clearly states that point-in-time restore is out of scope in Exchange Online, and you need a third-party backup solution to restore a mailbox or an email to an exact point in time in the past.

Account deletion risks. Migrations to other accounts, human error and cyberattacks can result in accident account removal, which is irreversible. This means that all associated data is lost for good unless you have a backup copy of that data or have previously configured a retention policy. With the retention policy, you can still access data using the eDiscovery feature, but you’ll have limited recovery capabilities.

Additional storage quotas. Microsoft 365 allows storing up to 1 million emails per mailbox and 3 million in the Recoverable Items folder (but at most 30GB). Depending on the plan, the storage limits vary for user and archive mailboxes, Recoverable Items folder in the archive mailbox, and mailboxes that are put on hold. The number of retention policies you can configure per mailbox and account is also limited, so you may need a plan upgrade.

Exploring Third-Party Backup Solutions

Why Choose Third-Party Backup Solutions?

Here’s a quick summary of why a third-party backup tool is essential, not optional:

  • Native tools don’t equate to Microsoft 365 email backup and have many limitations, as described above.
  • Native tools don’t ensure sufficient data resilience against digital risks and disruptions.
  • Complicated management and administration, often with a lot of manual effort.
  • Microsoft isn’t responsible for disruptions and data loss due to outages, even those on Micorosft’s side. In their Service Agreement, the company even recommends that you back up your data regularly:

    “We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

How to Evaluate Third-Party Backup Solutions?

Now that we know that a comprehensive backup solution is critical for your business continuity and data resilience, let’s take a closer look at the functionality you need to look for when searching for a perfect tool.

  • Support for multi-platform and hybrid environments. When choosing a backup solution, you want comprehensive software that backs up all your workloads – be it in the cloud, on virtual and physical machines or in Microsoft 365 – all from a single pane of glass.
  • Offsite and cloud backup storage. To strengthen your data resilience, you need to keep Office 365 email backup copies separately. The golden 3-2-1 rule states you need at least 3 backup copies, 2 offsite and 1 in the cloud. Thus, the backup solution should support various storage options, including local folders, NAS or deduplication devices, public clouds and S3-compatible cloud platforms in general.
  • Data integrity. You need to be able to run app-aware backups to ensure that app data is consistent without the need to cease programs that are currently in use.
  • Automation capabilities. The backup solution should simplify administration not make it worse. Go for solutions with advanced backup scheduling options, policy-based workflows and other automation features.
  • Advanced security and ransomware protection. You don’t want your backup data to be corrupted or accessed by cybercriminals. Ensure all security features are in place, including end-to-end backup encryption, role-based access control to data protection activities and backup data, as well as support for immutability and air-gapping.
  • Compliance search. The solution should allow you to easily browse and search across all your backup data, drill down to user mailboxes, preview attachments and quickly recover needed files or emails in seconds to their original or new location.

The most important thing, however, is to have a comprehensive backup strategy covering all possible risks and defining procedures and measures to take in case of disruption. If you still don’t have a strategy, invest time and effort into creating one. Once you outline the risks, recovery objectives and business continuity plans, it will be easier to choose a perfect backup tool based on your specific needs.

Step-by-Step Guide to Backup Office 365 Emails with NAKIVO

NAKIVO Backup & Replication offers all the necessary functionality to ensure a secure and reliable backup of your Microsoft 365 emails and their content.

After adding your Microsoft 365 account to the solution, you can run backups of Microsoft 365 data, including mailboxes and their content, One Drive for Business files, SharePoint Online sites and Microsoft Teams data.

You can watch this short video on how to back up and recover Microsoft 365 data with NAKIVO or read on for the steps.

In the Data Protection dashboard, go to Jobs, click the + and then Microsoft 365 backup job.

Create a Microsoft 365 backup job

The job wizard has five steps detailed below. Click Next at each step to proceed to the next one.

  1. Sources. You can choose to back up the entire Microsoft 365 account with all associated data or separate user and group mailboxes.

    In the left pane, use the Search field to find needed items or browse through mailboxes manually.

    Select mailboxes to back up

  2. Destination. Specify where you want to store backup data.

    Choose a repository from the Destination drop-down list. NAKIVO supports a wide range of backup repositories for Microsoft 365 data, including repositories in public clouds like Amazon EC2, Amazon S3, Azure Blob and Wasabi, generic S3-compatible platforms, local folders and NAS file shares.

  3. Schedule. Here, you can choose backup frequency and schedule, configure retention rules and apply immutability to backup data.

    Select Do not schedule, run on demand if you want to run a one-time backup. Click Next to proceed to the next step.

    If you want to configure a schedule, select Prioritize schedules.

    • Enter the schedule name and select frequency from the drop-down menu: Weekly, Monthly, Yearly, Periodical or After Another Job (if any). Depending on your selection, you can configure the schedule more granularly. Alternatively, click on Show calendar and edit your job from there.
    • Choose how many days, weeks, months or years the solution should retain the backup data.
    • If the repository you chose at the Destination step supports immutability, you can select Immutable for and specify the period during which backup data can’t be changed or removed by anyone.

    Configure backup schedule and retention

  4. Options. At this step, you can configure mailbox processing, encryption options (including network and at-source encryption), set job priority, configure pre- and post actions and more.
    • Enable AES256 encryption to protect backup data. Select Network encryption and/or Backup encryption to ensure end-to-end data security against unauthorized access.
    • In the Change tracking drop-down list, select Microsoft change tracking. After the initial full backup, NAKIVO’s solution runs incremental backups and writes only changed data blocks. By using native Microsoft API, the solution can quickly identify changed data blocks and improve the overall processing speed.
    • Select the types of content you need to back up under Mailbox Processing.
    • Refer to NAKIVO User Guide for a more detailed description of all configurations you can make on this page.

    Click Save or Save & Run to complete the job.

    Configure advanced options, including backup encryption and change tracking

See the Solution in Action

See the Solution in Action

Get a personalized demo of any feature to get started in no time. Our engineers are here to help and answer any questions you may have.

Book a Free Demo

People also read

Picture
A Detailed Guide on Migrating PST Files to Office 365
Picture
A Guide on How to Find Old Emails in Microsoft 365
Picture
A Guide on How to Import Contacts to Outlook 365