ThinkstockData and disaster recovery
It’s important to note that Office 365 does not back up your email. Microsoft offers native data protection, which includes multiple passive copies (lagged copies) split between two data centers. That is a fantastic solution for providing availability of existing data, but it doesn’t ensure a point-in-time recovery of data deleted that has gone past the deleted item retention period. In addition, that retention period is 14 days by default and can be extended to 30 days (you read that correctly: 30 days) through a remote PowerShell connection. You should be aware that your data can be lost.
Luckily there are ways to mitigate this. For starters, Microsoft recommends you put all mailboxes on legal hold. To do so requires a more expensive Office 365 plan (E3), which may make this solution prohibitive for some organizations. In addition, it’s not an interactive, read-only archive solution for your users, but it does ensure that all data is held and discoverable. It also doesn’t give you the ability to do a point-in-time restore, so it’s not a backup solution in the traditional or modern sense of the word.
Knowing these limitations may mean you need to look to a third-party backup/recovery solution for Office 365 or a solid online archive solution. You want to know your data is safe and discoverable (for compliance and more). This is another area, like security, where you may need to look to the Office 365 partner ecosystem to find the solution that bolts on and can resolve these concerns.
As you put together your optimal Office 365 environment, remember that the above settings recommendations are merely the basics. Consider them the absolute must-have settings to get you up and running. If your organization has a security operations center, you should consult with them about further improving your security. Compliance team? Check on adding more transport rules and setting up further data loss prevention.
But whatever you do, don’t settle for the default.
Related articles