Why your organization needs Microsoft 365 data protection

Druva Marketing

The ways enterprises deploy application software have changed dramatically in recent years. Rather than locally installing programs, organizations are increasingly leveraging the cloud with software-as-a-service (SaaS)-based applications, such as Google Workspace, Salesforce, and Microsoft 365 taking center stage, and increasing the possibilities for worker productivity and collaboration. Previously known as Office 365, Microsoft 365 has emerged as a leader in the SaaS app space and enables enterprises to achieve new levels of productivity. The cloud platform delivers a comprehensive suite of apps including Microsoft Teams, Word, Excel, and PowerPoint.

However, despite the ongoing success of Microsoft 365, there remain gaps in the platform’s data protection capabilities. The backup and restore functionality for data hosted in Microsoft 365 applications is often a misunderstood aspect of the platform. Many enterprise IT departments rolling out the product suite fail to realize the inherent data risks to safeguard end-user intellectual property. Most importantly, the responsibility for Microsoft 365 data protection falls squarely on the customer’s shoulders. Microsoft even says as much in its service agreement¹:

“We recommend that you regularly backup your content and data that you store on the services or store using third-party apps and services.”

In this blog, we detail common risk areas for your Microsoft 365 data, and how to reduce these risks, accelerate and protect your organization’s cloud projects, deliver on SLAs, and efficiently meet compliance requirements by leveraging Druva’s proven and comprehensive data protection and recovery solution for the Microsoft 365 product suite — including OneDrive, Exchange Online, SharePoint, and Teams.

User error

Leaving file management and backup in the hands of the end-user naturally opens enterprises up to the risk of mismanagement. End-users and admins alike may occasionally delete or overwrite files accidentally, especially when many users are creating and collaborating on projects. Additionally, the synchronization features of SaaS apps are not perfect, and files may sync incorrectly, potentially leading to data corruption. 

Accidentally deleted or corrupted data is lost forever if discovered after Microsoft 365’s saved data window concludes (as little as 30 days depending on user agreement), and users may not realize their data was deleted until months later. Unfortunately, data is likely lost forever in these situations. 

Druva defends your organization against accidental deletion, overwrites, and data corruption by offering a number of key advantages:

  • Unlimited data retention
  • Complete data isolation in an external environment
  • Ongoing automatic data backup
  • Flexible and granular recovery
  • Easy-to-use self-service recovery, or IT-led recovery
  • Many recovery options, including individual file or bulk recovery, as well as recovery outside Microsoft 365


A constant threat to IT teams, ransomware often enters the organization by way of disguised email links or USB drives. Ransomware threats to Microsoft 365 are exacerbated by OneDrive’s file sharing and synchronization characteristics, making it prone to explosive growth which can even affect files in user recycling bins. 

By the time an attack is detected, many files may be corrupted. In the best case scenario, Microsoft 365’s native security allows recovery from versions at an individual file level. This approach is ineffective when dealing with multiple corrupt files owned by many end-users. In the worst case scenario, there may be no means to return to clean data, and enterprises lose money every second employees can’t work. 

Only a solid, third-party solution like Druva meets the cyber resiliency requirements today’s organizations demand. Druva quickly recovers your system to clean data, returning employees to work, and negating the harmful effects of ransomware with the following features:

  • Anomaly and unusual activity detection quickly identify the scope of a ransomware attack
  • Data retention enables full backup to pre-attack files
  • File recovery in minutes through an intuitive and easy-to-use UI 
  • Flexible recovery options
  • Built on proven AWS infrastructure, full, air-gapped, and isolated backups in the cloud ensure safety, no matter the attack

Data retention, compliance, and legal requirements

It is more important than ever that organizations comply with state, federal, and international regulations related to data management, as well as corporate governance policies. Microsoft 365 offers data audit logs with up to 90 days’ of saved information, falling far short for many industries, such as healthcare, where organizations are required to keep records upwards of seven years. 

In addition, legal teams have the added responsibility of ensuring data is in compliance with eDiscovery and hold policies to avoid costly penalties. Adding to this challenge, legal hold capabilities are only offered on more expensive Microsoft 365 plans, which do not easily integrate with eDiscovery tools and only cover Microsoft 365 data — potentially missing data stored outside of the platform in other applications or endpoints. 

To close the gap, Druva enables compliance with retention regulations and governance requirements, and provides support for legal hold and eDiscovery by offering the following capabilities:

  • Unlimited data retention options
  • Simplified retention to eliminate management complexity
  • Full and flexible audit history to meet today’s compliance requirements
  • Comprehensive legal hold support for Microsoft 365 and other SaaS solutions, endpoints, the data center, and AWS
  • Automatic, full data collection across enterprise workloads, not just Microsoft 365 data, without disrupting employees
  • Faster exports, multiple file formats, and bulk custodian holds
  • Simple integration with third-party eDiscovery tools

Internal threats

Apart from the ever-present threat of malicious external forces like ransomware, admins must also be wary of threats from inside the organization. When employees leave an organization, an unfortunate common occurrence is the loss of business-critical data with them. In addition, for one reason or another, employees may attempt to delete or tamper with sensitive data on their way out the door. Once an employee leaves, their Microsoft 365 account may be suspended, preventing IT from easily accessing it to assess and undo any damage. Archiving employee accounts does not retain deleted data, and in many cases, corrupt activities such as bulk deletion could have started months ago. Without a proper solution, there are few ways to protect the organization from these efforts. 

Druva provides your enterprise with a strong defense against malicious actors, enabling the combat, detection, and prevention of internal threats via the following:

  • Consistent data capture, including deleted files, with continuous backup and unlimited retention
  • Historical copy isolation outside the Microsoft 365 environment
  • Restoration of departing employee data back to his/her manager, even outside the Microsoft 365 environment
  • Data investigations and forensic analysis with built-in search and analytics

Key takeaways

By taking the guesswork out of Microsoft 365 data protection, your organization is free to support new cloud initiatives and accelerate projects. Druva delivers critical insights, and security for your Microsoft 365 data, enabling compliance, data retention, legal hold, and eDiscovery. This simplifies management under one comprehensive solution, reducing TCO. We offer a proven track record helping many of the world’s preeminent organizations protect their investment in Microsoft 365, including Exchange Online, SharePoint, OneDrive, and Teams. 

For more on protecting your Microsoft 365 data, read the cloud architect’s guide to Microsoft 365 backup


¹ Microsoft, “Microsoft Services Agreement,” August 1, 2020.