Is Your Office 365 Data Safe?

Microsoft’s Cloud deployment of Outlook and Office 365 Data, continues to gain ground over the traditional on premise deployments, mainly due to the price and the widening features gap between the cloud and non-cloud versions along with its perceived simplicity to purchase and operate on an Opex model.

There is no doubt Office 365 has changed the way we approach the use of email and the ability to connect to our Outlook client from the browser and get the same look and feel as when we used in on our desktop versions and is a far cry from the early OWA dashboards. However, this leap in features and usability hasn’t removed the need to manage and administer the product with the same care as if it was an on premise deployment.

An example of a widely misunderstood but important feature that has changed between the on premise and cloud versions is the ability to backup items in your Outlook mailbox. The on premise version can be configured to retain months and even years of items and is limited by the hardware available to store such amounts of data. The cloud version is however, defaulted to 14 days with the non-trivial option to extend this to a maximum of 30 days.

This is throwing up lots of questions and comments on blogs and tech sites as data loss becomes a big concern for Office 365 customers as Microsoft’s backup policies cannot guarantee a complete and speedy restore of lost data.

The other associated concern is that users are reporting the process is both long and complicated, and there appears to be a variety of retention policies based on the individual applications included in the cloud platform.

We shouldn’t be surprised or alarmed about this seeming lack of functionality, as we must all remember that Microsoft is a software vendor, not a silver bullet and they also expect (and probably hope) that users will recognise that they must have some vested interest in ensuring that their valuable information has some form of protection surrounding the functionality of the Office 365 product rather than assuming “Microsoft will take care of everything for £9.99”.

According to Microsoft MVP Brien Posey: “The sad truth is that you might not have as many options for restoring your data as you might think. As such, it is critically important to understand your options for disaster recovery in an Office 365 environment. Microsoft’s primary mechanisms for protecting Office 365-based Exchange Servers are geographically distributed Database Availability Groups. Microsoft says they also perform traditional backups of Office 365 servers. However, those backups are used for internal purposes only if they experienced a catastrophic event that wiped out large volumes of customer data.

“Neither is there a provision for reverting a mailbox server to an earlier point in time (such as might be necessary if a virus corrupted all the mailboxes on a server). The Office 365 service-level agreement addresses availability, not recoverability.”

So in short, Microsoft’s policies are not designed for customers to have direct access to backed up office 365 data with the ability to easily restore it or guarantee the data will be recoverable.

The need to take stock of how you’d recover important data becomes even more critical if you combine your Office 365 data with the collaboration tool, OneDrive.

Data loss in OneDrive caused by any number of circumstances from user error, hacking, sync issues, or malicious data loss can leave a user seriously short of their prized data as again many users don’t understand that OneDrive only stores the most recent version of your content, not the entire version history. Therefore, you can’t rely on searching for the original document that you used before you hacked it around and broke it.

Recently, new data retention policy settings have arisen for Outlook, but the implementation of these only serve to strengthen my earlier warning that although Office 365 data and OneDrive are fantastically easy and available anywhere, it doesn’t mean Microsoft has performed some sort of IT magic, you still have a responsibility in all this.

Here’s a snippet of what you do to extend your Outlook retention from 14 to 30 days taken directly from the Microsoft technet site:

  1. Connect to Exchange Online through PowerShell.

Remote PowerShell allows you to manage your Exchange Online settings from the command line. You use Windows PowerShell on your local computer to create a remote PowerShell session to Exchange Online. It’s a simple three-step process where you enter your Office 365 credentials, provide the required connection settings, and then import the Exchange Online cmdlets into your local Windows PowerShell session so that you can use them.

Once you’re in here are the first two command line inputs you have to make:

At the prompt in the PowerShell window, run the following command:

Set-ExecutionPolicy RemoteSigned

$UserCredential = Get-Credential

Lost yet?-  Exactly, not quite as friendly as you might have perceived huh?

So in summary, Office 365 is a big step forward in how we all operate and on a day to day level is easy to use. But get some professional help with the administration of the system and don’t like so many people do, expect your Office 365 data to be there when something goes wrong if you haven’t taken the right steps to protect it. And don’t expect Microsoft to come to you rescue because they have boundaries to what they can offer for £9.99 just like the rest of us.

Share this on:

Tags : Blog