koya979 - Fotolia


Microsoft 365 disaster recovery options: Native vs. third-party

While Microsoft offers disaster recovery for its 365 platform, you might need more protection. Explore some of the available options, plus how to create a DR plan.

Microsoft 365 -- formerly Office 365 -- is one of the most popular software suites for businesses. Given the volume of data that organizations store within Microsoft 365 applications such as Exchange Online and SharePoint Online, businesses must carefully consider how to most effectively protect that data against disaster-related loss.

Microsoft's offerings for Microsoft 365 disaster recovery

Microsoft provides Microsoft 365 customers with various tools so they can perform a granular recovery on their own. For instance, OneDrive for Business includes a recycle bin where users can retrieve deleted items. Similarly, Exchange Online places deleted messages into a Deleted Items folder, which provides users with a means of recovering an accidentally deleted email.

However, these and other self-service features often have limits as to what can be recovered. For example, let's say you accidentally delete a user's mailbox. If you used a soft delete, Microsoft retains the mailbox and the associated user account for 30 days, and you can restore the mailbox relatively easily. But if you perform a hard delete -- such as by using the Remove-MsolUser cmdlet with the -RemoveFromRecycleBin switch -- Microsoft permanently deletes the mailbox and offers no native tool for getting it back.

Third-party services available for Microsoft 365 disaster recovery

Microsoft 365 and Office 365 have been popular for long enough that many vendors offer data backup and recovery for the platform. This holds true for traditional, on-premises backup products, as well as for SaaS-based offerings. Some better-known third-party products include:

Forming a Microsoft 365 disaster recovery plan

The process of formulating a Microsoft 365 disaster recovery plan isn't too different from creating a plan to protect any other type of data. One of the first things you must consider is where you can restore the data. If you back up Microsoft 365 data, then you must be able to restore that data to the Microsoft 365 cloud. However, if you have a hybrid environment, you should also be able to restore data to your on-premises servers. Your backup product should ideally enable you to restore on-premises resources to the Microsoft 365 cloud.

An important factor is your recovery point objective, which dictates the frequency at which data is backed up and how much data could potentially be lost in the event of a failure. An RPO of five minutes, for example, means data is backed up every five minutes and you should not lose more than five minutes' worth of data.

You should also consider the recovery time objective, which determines how quickly backups can be restored. Microsoft 365 is a cloud-based resource, so using a SaaS backup product might provide a better RTO than an on-premises product because your internet bandwidth won't constrain the recovery. Ask any prospective backup vendor about the throughput you can realistically expect when backing up and restoring Microsoft 365 data.

Backup and restoration granularity is another important issue. Ideally, your backup product should enable you to restore individual items, such as a specific file or email message. Although most modern Microsoft 365 backup platforms enable granular restorations, a few products still require users to restore an entire mailbox, for instance, to retrieve a single message.

Next Steps

Dig Deeper on Data backup and recovery software

Disaster Recovery