Office 365 has three major components: Exchange Online, SharePoint Online, and OneDrive for Business. Microsoft provides a few native data recovery features, but for organizations that need to be able to recover from any data deletion, these native methods aren’t sufficient.
Let’s see how the data protection method in each native feature holds up to real scenarios
There are two methods provided by Microsoft that administrators can use to secure Exchange Online data:
In Exchange Online, deleted mailbox items are stored in the Recycle Bin (also called the deleted items folder). If users empty the Recycle Bin or permanently delete items by using the shift+delete command, the items are moved to the recoverable items folder. While users themselves can restore the items from the deleted items folder, items in the recoverable items folder can only be restored by an administrator.
Mailbox items (emails, contacts, journals, notes, posts, and tasks) are retained for 30 days, and calendar entries for 120 days.
If an administrator empties the recoverable items folder, or if the maximum retention period is reached, the deleted objects can’t be recovered.
There’s only a limited window within which administrators can restore a deleted item, and this window is reduced even further if an admin has cleared the second stage Recycle Bin, either unwittingly or with malicious intent.
When a retention policy (also called a litigation hold) is applied to a mailbox, no data in the mailbox can be deleted as long as the hold is in effect.
However, rogue administrators or people with privileged access can still delete items from a mailbox by removing the hold and reapplying it after the deletion is successful. To overcome this glaring loophole, Microsoft provides a feature called retention lock or preservation lock. A retention lock ensures no one, not even administrators, can turn off the retention policy or make it less restrictive. However, administrators can widen the scope of a retention policy by adding additional mailbox folders to the policy or extending the duration of the lock.
Litigation holds are effective only when coupled with a retention lock, but enabling the retention lock is an irreversible action. Depending on the size of an average mailbox in your organization and your Exchange Online/Office 365 plan, the size of your mailbox items can quickly add up and exceed your allocated quota, requiring you to purchase additional storage space.
Additionally, Microsoft has already made it clear that rolling out point-in-time restoration for Exchange Online is not in its plans. Some organizations still use litigation holds as an alternative to backups. If a ransomware attack were to occur and encrypt all your mailbox data, you would be unable to get rid of all the infected mailbox items and, most importantly, not be able to recover all the data in your mailbox.
The ideal solution to overcome the native tools' limitations is to deploy a solution like RecoveryManager Plus, which allows you to back up all Exchange Online mailbox data, store it securely within your premises, and perform restorations as and when needed.
Ransomware is a real threat to data, and a white hat hacker has developed a ransomcloud strain that can encrypt Office 365 emails in real time. The only logical way to get back all your mailbox data is if you already have a backup system in place, as a litigation hold is ill-equipped to deal with ransomware attacks.
Hybrid restoration: If your organization deploys a hybrid Exchange system, RecoveryManager Plus can be used to restore backups of Exchange Online mailbox data to an on-premises Exchange mailbox and vice-versa.
These are the native features administrators can use to secure SharePoint Online and OneDrive for Business data:
In SharePoint Online and OneDrive for Business, deleted items are moved to the Recycle Bin where they are retained for 93 days. Even if users empty their Recycle Bin before the 93 days are up, the items are moved to the second-stage Recycle Bin (also called the site collection Recycle Bin), only visible to the administrators, and retained for the remainder of the 93 days. Once the 93 days are up, the items are purged from Office 365 and cannot be recovered by the user or the administrator.
Microsoft retains a copy of all site contents for an additional 14 days beyond the 93 days, and administrators can contact Microsoft Support to request a restore any time within the 14-day window. However, there are no SLAs for this action, and there is no guarantee on how long it could take to see the data restored in your sites.
When an employee leaves the organization and their user account is deleted, the user’s manager is provided access to the user’s OneDrive for Business account. After 30 days, the contents in the OneDrive for Business files are deleted and can only be recovered by an admin.
Once the content has been deleted, the items are placed in the Recycle Bin. The items in the Recycle Bin are not indexed, so administrators cannot use eDiscovery to locate specific content and restore it from the Recycle Bin.
A retention policy can be applied to entire SharePoint Online and OneDrive for Business sites to prevent users from deleting any data: however, retention policies need a retention lock to be fully effective.
If your organization regularly applies litigation holds to multiple SharePoint Online and OneDrive for Business sites, the used space in your sites can quickly build up and exceed your allocated quota, requiring you to purchase additional storage space.
Office 365 provides administrators the ability to rollback all files and folders in OneDrive for Business sites to a previous version. This feature allows you to recover from large-scale disasters like ransomware and malware attacks on your OneDrive for Business sites.
OneDrive for Business uses file versioning history to perform this rollback, and this feature cannot be used if version history is switched off.
Even though Microsoft provides a way to detect ransomware and recover from it, it also lists a few limitations of this feature.
According to the survey conducted by Cybersecurity firm Emisoft, the cost of ransomware attacks in 2019 is estimated to be around $7.5 billion. They discovered that it costs $8.1 million and 287 days to recover from a single ransomware attack. Being unable to restore data can be the difference between surviving a disaster like ransomware or being a footnote in the statistics.
With its custom backup retention feature, you can trim the size of your SharePoint Online and OneDrive for Business while still keeping all relevant files and folders within your premises. Store data for as long as you need without having to pay exorbitant prices for additional storage.
Evaluate RecoveryManager Plus and find out how easy it is to secure all your Office 365 data. Support is included in your trial if you need any assistance. Download your fully functional 30-day free trial today.
