Why Back Up Microsoft 365?
Any tool that is crucial for your daily operations – from Microsoft Teams or emails to OneDrive files – needs backup and reliable restore strategies. This way, you support the business continuity, compliance efforts, credibility, and overall security stance of your business. Keep in mind – without a well-thought-out backup strategy, you are risking being exposed to:
- Permanent data loss due to accidental deletion, ransomware, or retention misconfigurations
- Disruption of operations caused by outages or failed recoveries
- Compliance and legal risks tied to missing audit trails or not meeting regulatory requirements
- Limited control over data recovery
Let’s take a closer look at aspects affecting your Microsoft 365 data. Over the years, a couple of incidents have taken place involving Microsoft 365 data security.
Reason #1 – Ransomware attacks
Ransomware can hit your data, whether it is on-prem or in the cloud, and the same goes for Microsoft 365, no exceptions. Extra platforms, be it SharePoint Online or OneDrive, open up new pathways for hackers to damage your organization because the surface that can be attacked is larger. Once a file is encrypted, it will most likely sync across devices and users, and spread the infection in real-time. Unfortunately, by the time you notice, clean copies may already be overwritten.
For instance, in 2024, researchers discovered that two ransomware groups, STAC5143 and STAC5777, exploited the default settings of Microsoft 365. Attackers used their own MS365 tenants to contact internal users. Sophos MDR reports they noticed over 15 incidents similar to this case, dating back 3 months. Some tactics included spamming with emails – even up to 3K emails in under an hour – and posing as Microsoft Tech support to install malware. Furthermore, in July 2025, the Storm-2603 threat group exploited a Microsoft SharePoint vulnerability. This allowed the attackers to compromise over 400 servers with the ToolShell exploit. The security patches were actually bypassed, which resulted in emergency updates and new steps for dealing with the incident.
All of these prove that organizations need isolated backups, immutable storage, and point-in-time restores to help them recover from ransomware attacks. So, what actually happens when ransomware hits your organization’s data? Well, take a look at these examples:
- OneDrive or SharePoint: files get encrypted & synced across the environment
- Exchange Online: malicious links or attachments can compromise inboxes
- Teams: threats can spread through shared files as well as cloud storage integrations
Therefore, with no secure, off-platform backup, you have no guaranteed way to restore your data. Moreover, paying a ransom will not guarantee that you get your critical data back, and it may damage your reputation and negatively affect your compliance efforts. Keep this in mind: a backup solution is your last line of defense.
Reason #2 – Human error
Did you know that human error contributed to 95% of data breaches in 2024? So, it is not just bugs or threat actors who try to target our critical environments. The reasons could vary from misconfigured access controls to overwriting documents and accidentally (or intentionally) deleting a file from your Microsoft 365 environment.
In August 2020, 145K KPMG Microsoft Teams users’ chat histories were permanently erased. The reported cause was an IT blunder. Microsoft themselves have confirmed that data cannot be recovered and attributed the cause of the incident to human error. Instead of applying a relevant policy to the specified account, it was applied to all of KPMG Teams.
A reliable third-party backup and DR solution will accommodate this with unlimited retention, flexible restore options, along with frequent and automated backups. This way, even if an employee accidentally deletes a chunk of your data, you can recover it in no time and support your business continuity.
Reason #3 – Service outages and disruptions
While Microsoft is responsible for the uptime of its platform and services, outages still take place. These range from smaller, regional disruptions to authentication issues and even global outages. Now, being affected by an outage can leave you without access to your OneDrive files, emails, and even calendar events, as well as communication in Teams.
Furthermore, what if such an outage were to happen during your product launch or a client delivery? Well, with no reliable, external Microsoft Office backup solution, your Microsoft 365 data is simply trapped inside a platform that you are locked out of.
Just in March 2025, over 37K Outlook users were affected by an issue that left them locked out of their accounts. Other affected services included Excel, PowerPoint, Teams, and Azure. Many users expressed their frustration across social media, as the service status page was showing the wrong status (available) while the whole world was tweeting about Microsoft services being down.
June 17th, 2025, brought another worldwide Microsoft 365 outage. The issue mainly affected Teams and Exchange Online. Some users started noticing a false alert regarding their subscription expiring. The reason for the almost-2-hour outage was an internal technical error on Microsoft’s end.
Moreover, take a look at the DDoS attack and the implementation error in July 2024. An outage of CrowdStrike on July 18th, 2024, led to disruptions in hospital systems and emergency services, as well as air travel. A similar attack was aimed at Microsoft 365 and caused almost 10 hours of downtime for Azure and Microsoft Office. What is more, the attack was amplified by the company’s error in defense implementation.
As you may know, Microsoft 365 operates under the shared responsibility model. This is where many organizations can get caught off guard. Microsoft’s responsibility, according to the shared responsibility model, is simple – platform uptime and infrastructure availability. Now, the native capabilities of Microsoft 365 leave gaps that your backup service, such as GitProtect.io, can address. Moreover, Microsoft 365 backup will be more cost-effective and secure when using third-party apps. You get unlimited data retention, geographically independent data centers, and a user-friendly interface. This addresses Microsoft’s retention policy gaps and helps you keep your sensitive data protected. But remember, it is your responsibility to secure the essential data stored: protecting it from data loss, misconfigurations, deletions, or attacks. That means data backup and recovery is your duty.
The Microsoft Services Agreement for Service Availability clearly states:
“We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”
Retention policy issues
While Microsoft does bring some retention policies to the table, they are not designed to serve secure backup processes. Retention settings vary from tool to tool. This leaves room for misconfigurations and can have negative consequences. Managing different retention settings for several users, from different departments, who use different tools, can be time-consuming, risky, and confusing.
What is more, once the retention period expires or a policy is removed, your data will be permanently deleted. The native tools by Microsoft do not offer full data recovery or even point-in-time restores – that is especially true for larger-scale data breaches or events that happened long ago. If your business is in a field that requires compliance and long-term data protection along with audits, then it is crucial that you opt for a backup solution that provides an unlimited retention period and flexible recovery.
Reason #5 – Legal and compliance requirements
Being compliant with industry standards and legal requirements guarantees data security, availability, and integrity. Passing audits for frameworks like SOC 2 Type II or ISO 27001 also gives your company a competitive edge over other organizations. A core element and a requirement of compliance with such standards is a comprehensive backup solution. A complete backup solution can provide you with flexible options such as point-in-time restores for your Office 365 data and further ensure business continuity.
In March 2024, the European Data Protection Supervisor (EDPS) ruled that the European Commission broke the rules of EU data protection. To be specific, the incident concerned data transfers outside of the EU, and it was not clear what Microsoft 365 data was being collected or what it was being used for. The result was that the Commission had to suspend these actions by December 2024 and work towards compliant usage of Microsoft 365. This is a prime example of how even the biggest organizations can simply overlook or dismiss compliance requirements when it comes to the use of Microsoft 365.
Microsoft 365 native backup and recovery capabilities
As you may know, Microsoft does have native backup capabilities. They are available specifically for Exchange Online, OneDrive for Business, and SharePoint Online. While Microsoft 365 offers some basic features, they are for short-term retention and limited restore processes, not for backup or disaster recovery services of critical business data. Snapshots are made every 10 minutes, and the retention period is up to one year. The solution uses immutable storage to prevent malicious actions. Moreover, admins can do a full restore, meaning the entire mailbox or OneDrive account.
However, the coverage, as we said, is limited to Exchange, OneDrive, and SharePoint. File-level restore is also only available for Exchange. The retention period is a maximum of 1 year, so there is no archiving of data beyond that time. There is no possibility of restoring data from a specific point in time either.
GitProtect can help you secure your Microsoft 365 data
Everything we’ve outlined so far, from shared responsibility model gaps and retention limits to ransomware threats, points us to a gap in the Microsoft 365 native model. That is exactly the problem GitProtect helps you to address. GitProtect.io provides your Microsoft 365 data with the independent, enterprise-grade protection it needs, while covering all the data you need. Given the trends and issues we have discussed, consider the following capabilities of GitProtect, a third-party backup solution, as must-haves to avoid data loss:
- Automatic Microsoft 365 backup of Exchange Online, OneDrive, SharePoint sites, and Teams data.
- Point‑in‑time & granular recovery; restore data such as a single email, calendar event, or even an entire tenant from any specific moment. Granular recovery helps to minimize any productivity losses.
- Backups stored in immutable, WORM-compliant, non-executable form. This facilitates integrity even if attackers were to infiltrate your storage. All of the data is encrypted in-flight and at rest using AES 256, and you can use your own encryption key, too.
- You have a choice of GitProtect Cloud Storage (unlimited storage) or your own (AWS S3, Azure Blob, Google, Wasabi, NAS, or local). Advanced replication to multiple destinations supports the 3-2-1 backup rule and allows for flexible and resilient backups.
- Specify multiple backup plans with custom schedules – GFS, Forever Incremental, or basic and custom. You can actually set retention to unlimited and keep data indefinitely if that is what you need to meet compliance with SOC 2, ISO 27001, or GDPR.
- Management of tenants, users, and workloads – all from a unified web console. Get real-time dashboards, audit-ready SLA and compliance reporting, along with customizable alerts.
- Support for SSO, SAML, and role-based access control guarantees that only authorized users can access and manage backups. All actions are logged and audit-ready to meet your internal security policies and compliance standards.
Every business should take the responsibility for the security of its Microsoft 365 data into its own hands and guarantee data protection for ransomware attacks, accidental deletions, outages, and compliance audits.