
Backup vs retention in Microsoft 365: native is not a backup

Microsoft 365's native retention policies are not a backup, despite what your team probably thinks. Three scenarios where you will find out the hard way, and what an actual backup looks like.

By Devsoft Solutions

“We have retention policies on, so we are backed up.” We hear this in roughly half of the Microsoft 365 tenant assessments we run. It is wrong. The two things solve different problems, and assuming retention covers backup is the kind of misunderstanding that gets discovered at the worst possible moment.

This post is the conversation we have with clients who have made the assumption.

What native retention actually does

Microsoft 365’s retention policies (managed in Microsoft Purview, formerly the Compliance Center) are designed to keep data for compliance purposes. They prevent an item from being purged for a specified period regardless of what users do: a deleted or edited item is kept in a location the user cannot reach (Recoverable Items for mailboxes, the Preservation Hold library for SharePoint and OneDrive) until the period ends. They are a defensive feature against the loss of regulated data.

Specifically, retention will:

  • Keep mailbox items for the retention period, even if a user empties Deleted Items
  • Keep SharePoint and OneDrive files for the retention period, even after deletion
  • Allow eDiscovery searches against retained content
  • Work alongside litigation and eDiscovery holds so that nothing under a hold can be purged during litigation

What retention will not do:

  • Roll a file, library or mailbox back in bulk after a malicious overwrite. Prior versions usually exist (version history, the Preservation Hold library, Recoverable Items\Versions), but getting them back is a per-item job
  • Survive a tenant-wide compromise in which an attacker holding Compliance Administrator or Global Administrator rights disables or shortens the policies (unless each policy carries a Preservation Lock, which no admin can undo)
  • Provide point-in-time recovery for an entire mailbox or site
  • Restore data after a Microsoft 365 service-level incident that affects regional storage
  • Speed up recovery: recovery through retention is one item at a time, often through eDiscovery, often slow

The distinction matters because backup and retention are designed for different threat models. Retention defends against compliance gaps. Backup defends against catastrophic loss.
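Before arguing about backup, it helps to see what retention actually covers in the tenant in front of you. The script below is an added example written for this article, not code from the original post or from Microsoft; it lists every retention policy with its scope and whether it is locked, then shows for one mailbox the holds on it and the hidden Recoverable Items folders where retained copies live. The user name is a placeholder, and it assumes the ExchangeOnlineManagement module is installed.

```powershell
# Added example (editor's, not code from the original article): inventory what
# retention actually covers in a tenant and where an admin could switch it off.
# Requires the ExchangeOnlineManagement module. $UserToCheck is a placeholder UPN.
param(
    [string]$UserToCheck = 'alice@contoso.example'   # assumption: replace with a real user
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline      # Exchange Online cmdlets (Get-Mailbox, Get-MailboxFolderStatistics)
Connect-IPPSSession         # Security & Compliance cmdlets (Get-RetentionCompliancePolicy)

# 1. Retention policies: scope, whether they are on, and whether Preservation Lock
#    (RestrictiveRetention) stops an admin from shortening or removing them.
$report = foreach ($p in Get-RetentionCompliancePolicy) {
    $rules = @(Get-RetentionComplianceRule -Policy $p.Name)
    [pscustomobject]@{
        Policy           = $p.Name
        Enabled          = $p.Enabled
        PreservationLock = $p.RestrictiveRetention
        Exchange         = ($p.ExchangeLocation   -join ';')
        SharePoint       = ($p.SharePointLocation -join ';')
        OneDrive         = ($p.OneDriveLocation   -join ';')
        Duration         = (($rules | ForEach-Object RetentionDuration)         -join ';')
        Action           = (($rules | ForEach-Object RetentionComplianceAction) -join ';')
    }
}
$report | Format-Table -AutoSize

# Anything flagged here is retention that an attacker with Compliance Administrator
# rights can turn off before or during an incident. A locked policy cannot be
# disabled or made less restrictive afterwards, not even by a global admin, so lock
# deliberately and only once the scope and duration are right.
$report | Where-Object { -not $_.PreservationLock -or -not $_.Enabled } |
    ForEach-Object { Write-Warning "Policy '$($_.Policy)' is unlocked or disabled" }

# 2. One mailbox: the holds on it, the window for deleted items when no policy applies
#    (RetainDeletedItemsFor, 14 days by default), and the hidden folders where retained
#    copies actually live. Deletions = items the user emptied from Deleted Items;
#    Versions = originals of items edited while on hold; Purges = hard-deleted items a
#    hold kept. Nothing in these folders is visible to the user or restorable in bulk.
Get-Mailbox -Identity $UserToCheck |
    Select-Object DisplayName, LitigationHoldEnabled, RetentionHoldEnabled,
                  InPlaceHolds, RetainDeletedItemsFor, RecoverableItemsQuota |
    Format-List

Get-MailboxFolderStatistics -Identity $UserToCheck -FolderScope RecoverableItems |
    Select-Object Name, ItemsInFolder, FolderSize |
    Format-Table -AutoSize
```

A fast-growing Versions folder on a mailbox that nobody is editing heavily is worth a look on its own: it is what a mass overwrite under retention looks like from the admin side.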

Three scenarios where you find out the hard way

Scenario 1: ransomware encrypts mailbox content. An attacker with access to a user’s account overwrites every message with an encrypted copy. Retention treats each overwrite as an ordinary edit: the original is copied to the hidden Recoverable Items\Versions folder and the encrypted copy becomes the current state. Recovering the originals means finding them through eDiscovery, item by item. For a mailbox with 50,000 items, that is days of work, and there is no guarantee every item comes back.

Scenario 2: departing employee mass-deletes. A user gives notice on a Friday, spends the afternoon deleting their OneDrive contents and outgoing email, then leaves. Retention can recover the files. Recovery is per item and needs admin intervention, and how far back you can reach depends on the retention policy or hold that applied to the account; with none, you have the recycle-bin window (93 days for OneDrive) and the 14-day default for deleted mail. A backup would let you restore the full OneDrive and mailbox to their 9 a.m. Friday state in minutes.
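What “per item, with admin intervention” looks like in practice for this scenario, as an added example written for this article and not code from the original post: the mail side uses the Exchange Online Get-RecoverableItems and Restore-RecoverableItems cmdlets against the user’s Recoverable Items folder, and the OneDrive side uses PnP.PowerShell to put first-stage recycle-bin items back. The user, the OneDrive URL and the time window are placeholders; the script only reports unless you pass -Commit.

```powershell
# Added example (editor's, not code from the original article): the departing-employee
# case done natively. Mail comes back from Recoverable Items with the Exchange Online
# cmdlets; OneDrive files come back from the first-stage recycle bin with PnP.PowerShell.
# $User, $OneDriveUrl and the time window are placeholders.
param(
    [string]$User        = 'bob@contoso.example',
    [string]$OneDriveUrl = 'https://contoso-my.sharepoint.com/personal/bob_contoso_example',
    [datetime]$From      = (Get-Date '2024-05-10 09:00'),
    [datetime]$To        = (Get-Date '2024-05-10 18:00'),
    [switch]$Commit      # without this the script only reports what it would restore
)

# --- Mail: Recoverable Items\Deletions ---------------------------------------
Connect-ExchangeOnline

# Preview first. Only items still in Recoverable Items are candidates: anything that
# aged past RetainDeletedItemsFor (14 days by default) on a mailbox with no retention
# policy or hold is already gone, and no cmdlet brings it back.
$mail = @(Get-RecoverableItems -Identity $User -SourceFolder RecoverableItems `
            -FilterStartTime $From -FilterEndTime $To -ResultSize Unlimited)
"$($mail.Count) deleted mail items in the window"
$mail | Group-Object LastParentPath | Select-Object Name, Count | Format-Table -AutoSize

if ($Commit) {
    # Each item goes back to the folder it was deleted from (LastParentPath).
    Restore-RecoverableItems -Identity $User -SourceFolder RecoverableItems `
        -FilterStartTime $From -FilterEndTime $To -ResultSize Unlimited
}

# --- OneDrive: first-stage recycle bin ---------------------------------------
# Prerequisite: your admin account must be a site collection admin of the user's
# OneDrive (Set-SPOUser ... -IsSiteCollectionAdmin $true) before PnP can open it.
# Newer PnP.PowerShell builds also require -ClientId for your own app registration.
Connect-PnPOnline -Url $OneDriveUrl -Interactive

$files = @(Get-PnPRecycleBinItem -FirstStage |
    Where-Object { $_.DeletedDate -ge $From -and $_.DeletedDate -le $To })
"$($files.Count) OneDrive items deleted in the window"
$files | Select-Object DirName, LeafName, DeletedDate | Format-Table -AutoSize

if ($Commit) {
    $files | Restore-PnPRecycleBinItem -Force
}
```

Note what the script cannot do: it has no notion of “the state at 9 a.m.”. It restores whatever still sits in the deletion stores for the window you pick, and if the user edited a file before deleting it, you get the edited copy. That gap between “undelete” and “restore to a point in time” is the difference the article is about.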

Scenario 3: SharePoint site corruption from a misconfigured workflow. A Power Automate flow gone wrong overwrites the metadata on 10,000 documents in a SharePoint library. The current state is the corrupted state. The library’s version history (and, if a retention policy applies, the Preservation Hold library) still holds the uncorrupted versions, but reverting a library full of files to a chosen point in bulk is not a feature retention provides. A backup is.
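The bulk revert is scriptable from version history, which is the closest native equivalent to a point-in-time restore for this scenario. The script below is an added example written for this article, not code from the original post or from Microsoft; it uses PnP.PowerShell (Get-PnPListItem, Get-PnPFileVersion, Restore-PnPFileVersion) to find every file the flow’s account modified after a cutoff and put back the newest version created before that cutoff. The site URL, library name, cutoff time and flow account are placeholders, and it assumes versioning was on in the library and the version limit was not exceeded.

```powershell
# Added example (editor's, not code from the original article): bulk revert of a
# document library to the version each file had before a runaway flow ran.
# Requires PnP.PowerShell. Site URL, library, cutoff and the flow's account are
# placeholders; run with -WhatIf first to see the plan without changing anything.
param(
    [string]$SiteUrl   = 'https://contoso.sharepoint.com/sites/finance',
    [string]$Library   = 'Documents',
    [datetime]$Cutoff  = (Get-Date '2024-05-10 14:00'),   # when the flow started doing damage
    [string]$FlowActor = 'svc-flow@contoso.example',       # account the flow ran as
    [switch]$WhatIf
)

# Newer PnP.PowerShell builds also require -ClientId for your own app registration.
Connect-PnPOnline -Url $SiteUrl -Interactive

# Only files (FSObjType 0) whose last editor is the flow's account and whose last
# change is after the cutoff. Anything a human edited later is left alone on purpose.
$damaged = Get-PnPListItem -List $Library -PageSize 500 `
        -Fields 'FileRef','Modified','Editor','FSObjType' |
    Where-Object {
        $_.FieldValues.FSObjType -eq 0 -and
        $_.FieldValues.Modified -ge $Cutoff -and
        $_.FieldValues.Editor.Email -eq $FlowActor
    }

$result = foreach ($item in $damaged) {
    $url = $item.FieldValues.FileRef

    # Get-PnPFileVersion lists historical versions only (not the current one).
    # Pick the newest version created before the cutoff: that is the last good state.
    $good = Get-PnPFileVersion -Url $url |
        Where-Object { $_.Created -lt $Cutoff } |
        Sort-Object Created -Descending |
        Select-Object -First 1

    if (-not $good) {
        # Versioning off, version limit exceeded, or the file was created by the flow
        # itself. No native copy exists; this is where a backup would have been the answer.
        [pscustomobject]@{ File = $url; RestoredTo = $null; Note = 'no pre-cutoff version' }
        continue
    }

    if (-not $WhatIf) {
        # Restoring a version creates a new current version; history is preserved, so
        # the corrupted state stays inspectable and the revert itself is reversible.
        Restore-PnPFileVersion -Url $url -Identity $good.Id -Force
    }
    [pscustomobject]@{
        File       = $url
        RestoredTo = $good.VersionLabel
        Note       = if ($WhatIf) { 'dry run' } else { 'restored' }
    }
}

$result | Format-Table -AutoSize
"$(@($result | Where-Object RestoredTo).Count) of $(@($damaged).Count) files have a pre-cutoff version"
```

Two caveats a practitioner should keep in mind. Version restore in SharePoint rewrites the item’s content and metadata together, so the “restored” file is whatever that version captured, not necessarily the metadata alone. And the script depends entirely on version history still being there: an attacker with site admin rights, or an aggressive version limit, removes the only copies it can work from.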

In each case, the data is technically recoverable natively. The recovery is slow, manual, and far from a one-click restore. One native feature comes close for files: OneDrive’s Files Restore and SharePoint’s Restore this library roll a whole library back to any point in the last 30 days, which covers scenarios 2 and 3 if the damage is noticed in time. It is still not a backup: the window is fixed at 30 days, it depends on version history and the recycle bin inside the same tenant, and an attacker with admin rights can purge both.

What an actual backup looks like

A real Microsoft 365 backup product captures point-in-time snapshots of mailboxes, OneDrive accounts, SharePoint sites, and Teams content, stores them in a separate vault outside your tenant, and lets you restore selectively or wholesale.

The market is mature. The names you will see most often:

  • AvePoint Cloud Backup — Microsoft-aligned, common in regulated industries
  • Veeam Backup for Microsoft 365 — strong if you already run Veeam on-premises
  • Datto SaaS Protection — common in MSP deployments
  • Druva — cloud-native, simple licensing
  • Spanning — older, common in education

Costs are roughly $3 to $5 per user per month, billed separately from your Microsoft 365 license. For most mid-market businesses, backup is the right call once you cross 25 users or have any compliance pressure.

What we recommend

If you have more than 25 users on Microsoft 365 and any of the following are true, you should have a backup product in place:

  • Compliance requirements (HIPAA, SOC 2, CMMC, ISO 27001)
  • Your cyber-insurance carrier asks about backup posture (most now do)
  • You have ever experienced a ransomware incident, anywhere in the org
  • You have employees who manage sensitive data and could leave abruptly
  • Your tenant is the only place certain documents exist

If none of those apply, retention plus the recycle bin probably gets you there. But the cost-benefit math tends to work for backup at almost any size, and the conversation usually goes from “we do not need this” to “we have it” the first time something happens.

The pattern that always ends badly: assuming retention is enough, finding out it is not, and discovering during the incident that the backup product takes 24 hours to seed against the tenant before its first protection point. Set this up before you need it, not during.