The Top 10 Office 365 Backup And Recovery Solutions
Discover the top ten best Microsoft Office 365 recovery and backup solutions. Explore features such as automated backups, reporting and deduplication.
Having a comprehensive and adaptable Office 365 backup and recovery solution in place is increasingly important for Microsoft 365 customers. Backup and recovery solutions capture a point-in-time copy of a file, database or even an entire computer and write the data out to a secondary storage device so that users can recover it in the future. This means that any data that’s deleted accidentally can easily be recovered, but it also means that files are protected against ransomware attacks. These threats involve a hacker holding data hostage until the victim pays a ransom.
Microsoft doesn’t provide native backup for Microsoft Office 365. In fact, the default settings only protect data for 30-90 days on average. This can lead to a lot of complications when organizations believe their systems are backed up, and later find that items have disappeared. But if Microsoft hasn’t covered it, you might ask, why are backup and recovery so important?
A recent report found that threats in Office 365 have grown by 63% over the last two years. Additionally, Microsoft’s 2020 Digital Defense Report stated that ransomware was the most common reason behind their incident response engagements from October 2019 to July 2020. With the risk of attack on the rise, it’s crucial that you have a strong backup and recovery solution in place to secure your data in the event of a breach.
In this article, we’ll explore the top solutions designed to protect your organization against data loss through backup and recovery. These include features such as real-time backups; rollback and restoration; role-based access to backups and reporting; and the protection of remote sites and public cloud workloads. We’ll give you some background information on the provider and the key features of each solution, as well as the type of customer that they are most suitable for.
Acronis Cyber Backup
Acronis is a leading backup software, disaster recovery and secure data access provider. Acronis’s Cyber Backup solution is a software that offers file backup and disaster recovery, as well as a secure file sync and share feature. Cyber Backup is one of the fastest recovery solutions on the market, using Acronis’ runVM technology to provide instantaneous recovery that minimizes user disruption and boosts company productivity. Cyber Backup is available to purchase as a standalone service, or as a part of Acronis’ Cyber Protect solution, which also includes automated infrastructure, web and endpoint protection.
Acronis’ Cyber Backup solution offers proactive ransomware protection powered by AI technology, which prevents unauthorized file modification and encryption. It verifies the authenticity of backup copies before restoration to ensure complete security, and restoration is immediate and reliable. Admins can manage all data protection tasks through the Cyber Backup management console. This console is web-based, so admins can assess information no matter their location. This flexibility also applies to the protection itself; Cyber Backup protects all company data sources across 20+ different virtual, physical, cloud and mobile platforms, so that data is always secure no matter its size or where it’s stored.
Acronis’ data protection solutions are industry targeted, with solutions designed specifically for automotive, healthcare, energy and government verticals. Customer reviews report that the solution is easy to deploy and manage across both Windows and Linux servers. On top of this, Acronis’ products and documentation are available in 25 languages. All of this makes Acronis’ Cyber Backup an ideal backup and recovery solution for medium to large global enterprises looking for data protection tailored to their industry needs.
Altaro Office 365 Backup
Altaro is a market-leading vendor for backup and recovery solutions for SMBs and MSPs. Altaro Office 365 Backup is their MS O365 replication and restoration software solution that focuses on backing up Office 365 mailboxes and files stored within OneDrive and SharePoint. Office 365 Backup is cloud-based, which makes it easy to deploy and configure. The solution is also easy to manage via a central cloud management console, from which admins can configure full and granular data restorations.
Altaro Office 365 Backup automatically creates copies of emails, attachments, contacts and calendars, as well as files stored within SharePoint and OneDrive, up to four times a day. These are written out to a secure cloud location on Altaro’s Microsoft Azure infrastructure, which allows users to benefit from unlimited storage. Admins can manage and monitor an organization’s backups through a single online console, where they can view current operational activity, restoration history and the organization’s health status. Through the console, organizations can carry out full or granular mailbox restorations, sending recovered content either to the original mailbox, a different mailbox within the organization or to a secure zip file at the user’s discretion. OneDrive and SharePoint backups are restored in largely the same way, with the same options for restoration destination. Users are guided through the restoration by a simple wizard tool, that makes the process quick and easy to carry out.
On top of the features of the solution itself, Altaro offer excellent customer support; their technical team are on call 24/7 and have an average response time of less than 30 seconds. Altaro Office 365 Backup is extremely scalable, so it’s a great solution for small organizations right up through to large enterprises looking for a user-friendly recovery solution for Office 365 mailboxes, as well as SharePoint and OneDrive document libraries.
Carbonite Backup for M365
Carbonite, acquired by information management leader OpenText, specializes in data protection from creation, through utilization, until deletion. They protect the data lifespan of over 100,000 small businesses globally. Carbonite Backup for M365 is their data backup solution designed to provide comprehensive backup and disaster recovery capabilities for Microsoft’s entire suite of 365 apps. Once deployed and integrated through Microsoft Active Directory, Carbonite’s solution enables administrators to recover entire sites, but also carry out granular, file-level recoveries, including email communications.
Carbonite Backup for M365 runs automatically in the background to perform incremental backups and secure each user’s Microsoft 365 cloud data. Backed-up data is encrypted and written out to a secure secondary instance in Microsoft Azure. These backups take place automatically up to four times per day. Admins can manage backups from a secure web-based dashboard, where they can access backup information, audit reports, APIs and exports, as well as configure role-based access.
Recovering data is made quick and easy with Carbonite’s simple search feature, which allows admins to carry out restorations based on the user, subject line and content type, among other fields. Finally, the solution includes 24/7 onboarding and recovery support from Carbonite’s technical team, a feature that other vendors may typically charge extra for. Carbonite Backup for M365 offers protection for all SharePoint, OneDrive, Teams, Exchange, Groups and Planner data, as well as public folders.
Commvault Backup & Recovery
Commvault is a market leader in data and information management, offering intelligent, scalable solutions. Their powerful, effective products have resulted in Commvault being recognized as a Leader for eight consecutive years in the Gartner Magic Quadrant for Data Center Backup and Recovery Solutions. Commvault Backup & Recovery is their enterprise data backup solution, designed to protect data for all workloads across both cloud and on-premise environments via a single web-based interface.
Commvault Backup & Recovery automates all of its file retention processes, as well its proactive discovery of newly added datasets. These processes are policy-driven, as are the monitoring and reporting features, which remove the need for lengthy scripts. Data is encrypted and written out to a secure cloud location. Deduplication technology removes duplicate or redundant data copies to improve storage efficiency and increase the amount of data that can be transferred at once.
Some customers find Commvault Backup & Recovery complex to deploy, due to the requirement for several components to be installed and configured, but most are in agreement that the powerful protection provided as a result is worth the effort of setting it up. We recommend Commvault Backup & Recovery as a strong solution for larger enterprises looking to back up a range of file systems, applications, databases and cloud-native SaaS.
Dell Technologies PowerProtect Data Manager
Dell Technologies focuses on empowering organizations through digital transformation. They offer a range of solutions and products that secure IT infrastructure, individual employee devices and wider industries. PowerProtect Data Manager is Dell Technologies’ main data backup and recovery solution, designed to protect physical, virtual and cloud environments. The solution provides software defined data protection as well as automated discovery and deduplication. It’s available as a stand-alone solution and as a part of Dell’s Data Protection Suite, which also includes Avamar and NetWorker.
PowerProtect Data Manager is software defined, which allows it to protect data across both applications and cloud-native IT environments. Customers have the option to write backups out to the cloud for long-term retention and disaster recovery, as well as to self-manage backup and restore directly from native applications. The management console is also cloud-based. This means that admins can easily access backup information and monitor recoveries for any device from any location. From the console, admins also have complete oversight and governance to ensure compliance. PowerProtect also offers automated deduplication, which takes the strain off system resources. The solution is designed and delivered in a modular, agile way, which means that Dell can deliver updates and new features rapidly to help combat new and emerging threats.
Dell’s PowerProtect Data Manager is built around simplicity, agility and flexibility. Dell has released three new updates for it in the last year, demonstrating investment and dedication to providing security against even the latest threats. Customers praise this solution as being easy to use and manage, despite there not currently being a unified management console to cover both on-premise and public cloud environments. We recommend PowerProtect Data Manager for both SMBs and larger enterprises looking for a powerful, up to date data backup and recovery solution.
Druva offers data protection across data centers, cloud applications and endpoints via a SaaS platform. Their native cloud architecture allows customers to streamline their security, whilst reducing administrative overhead. Druva Phoenix is their scalable, cloud-native solution that secures data from human error, ransomware attacks, and non-compliance penalties as a result of gaps in data retention policies. It also gives admins critical insights into their Microsoft Office 365 data and projects via their dashboard.
Druva Phoenix detects, investigates and responds to insider threats before any accidental damage can be done. In the case of deletion, the solution restores data to its original location with an automated search and restore feature. The solution also offers protection against ransomware, notifying users of any data risks. It separates data and metadata to simplify cleansing and recovery and make restoration faster. This solution’s backups are all covered by the same consistent retention policy so that admins can easily monitor data compliance. From the dashboard, admins can view data activities chronologically by user, which makes it easier to identify and remediate sensitive data risks at rest.
As well as MS O365 backup, Druva’s Cloud Platform provides disaster recovery and endpoint backup. Each of their solutions is available on-premise and in cloud, and they’re able to cover branch/remote offices as well as an organization’s main office. No matter their location, admins can monitor recovery activity across all protected devices from a single interface.
Because Druva Phoenix is cloud-based, it doesn’t require any infrastructure installation. Admins can manage their data through one interface within 15 minutes of purchasing a subscription. We recommend it as a strong, comprehensive SaaS backup and recovery solution for mid-market and enterprise organizations.
Rubrik offers three main backup and recovery products: Rubrik Cloud Data Management (RCDM), their core backup platform; Polaris, their SaaS-based platform; and Mosaic, which offers protection for NoSQL workloads. We’re going to focus on Rubrik Polaris. Polaris provides hybrid cloud enterprises with instant data backup and recovery for their Microsoft O365 applications, leveraging advanced search tools and granular restoration to mitigate data loss.
Polaris’ backups are long-term and scale with the organization’s O365 environment. Users can perform full restorations, but also more granular restorations, such as a OneDrive folder or individual email. The file-level search tool allows users to find specific backups quickly to ensure a smooth recovery from data loss. Polaris also features Radar, which uses machine learning to monitor the Polaris backup environment for any unusual activity, which allows the solution to quickly detect and remediate ransomware threats before they can cause damage. The machine learning element ensures that threat detection is up to date, securing data against new and emerging threats.
Finally, admins have access to full centralized management and reporting tools for all on-premise and cloud devices from a single platform. From here, they can view all backup and recovery activity, as well as automate policy assignments. This is particularly useful for large-scale MS O365 environments.
Rubrik Polaris allows organizations to protect their data within minutes of purchasing a subscription. The solution is fully compatible with Office 365 and Azure and can be connected with those subscriptions via OAuth. All data and metadata is encrypted and remains within the organization’s Azure subscription. Polaris is a strong backup and recovery solution for larger enterprises looking for an effective backup solution that’s easy to deploy and manage.
SolarWinds is an IT infrastructure provider. SolarWinds Backup is their cloud-based backup and recovery solution for physical and virtual servers, workstations, critical business documents and Microsoft O365. Compatible with on-premise, cloud and hybrid environments, it secures organizations no matter the state of their cloud transition. The solution offers storage in SolarWinds’ global private cloud for fast and reliable recovery and is managed from one centralized dashboard.
SolarWinds Backup is optimized for fast data transfer between an organization’s systems and their global private cloud over the WAN. Storing backups in their own cloud means that there’s no need for hardware, helping to reduce the strain on system resources. However, organizations also have the option to write backups out to their own hardware if they wish to have a local copy to hand. The SolarWinds Backup provides a multi-tenant hosted dashboard that to allows admins to check backup statuses, schedule backups and recover data across all servers, workstations and business-critical applications from one place. This eliminates the need for multiple backup solutions and makes the whole platform easier to manage. The solution offers multiple options for the recoveries themselves, including bare metal, physical-to-virtual and virtual-to-physical recoveries.
SolarWinds Backup was designed specifically for the cloud and is optimized for efficient data transfer that minimizes strains on bandwidth and system resources. Customers praise this solution for its easy deployment and automation options for scheduling backups that reduce the need for manual configuration. SolarWinds Backup is an ideal solution for MSPs and organizations looking for an effective backup and recovery solution with private cloud storage included, that’s simple to install and manage.
Veeam Backup for Microsoft Office 365
Veeam is a global market leader in backup and recovery solutions, holding the highest market share in EMEA (Europe, the Middle East and Africa) and the third-largest share worldwide. 82% of Fortune 500 companies are in the Veeam client pool and trust this vendor with their data. Veeam offers a range of solutions to fit business needs, with their Backup & Replication solution being one of their most popular flagship products. However, Veeam also offers Veeam Backup for Microsoft Office 365 as a standalone product to protect and restore Microsoft O365 data, including Office 365 mailboxes, Exchange, SharePoint, OneDrive, OneNote and Teams.
Veeam Backup for Microsoft Office 365 enables users to back up their data as often as every five minutes in Microsoft’s native format, which makes file recovery much quicker. A key benefit of this solution is its flexibility. When it comes to the data restoration itself, Veeam offers 25 recovery options to cover all incidents, from complete recovery to more granular file-level recovery. Users also have the option to choose what type of retention they want; traditional item-level storage, or snapshot-based incremental storage. Organizations can store their data in whichever way best suits them: on-premise with available local storage, or in the cloud using one of many available object storage options, including AWS S3, Azure Blob and IBM Cloud.
Customers praise Veeam’s solution for being easy to manage through the user-friendly dashboard interface once configured, though the initial setup can be complex, especially for hybrid environments. Its flexibility makes Veeam Backup for Microsoft Office 365 a strong solution for midmarket and enterprise organizations looking for reliable backup. But small businesses shouldn’t feel left out – Veeam has recently introduced Backup for Microsoft Office 365 Community Edition, which protects up to 10 users for free with no feature limitations.
Zerto Backup for Microsoft 365
Acquired in July 2021 by Hewlett Packard Enterprise, Zerto is a cloud data management and protection technology that offer data protection, backup, recovery and workload mobility solutions for on-premise virtual environments and public clouds. Zerto Backup for SaaS, powered by Keepit, is their cloud backup and recovery solution designed to protect the most widely-used SaaS solutions, including Microsoft 365, Dynamics 365, Google Workspace and Salesforce.
Zerto’s disaster recovery is founded on continuous data protection (CDP). It uses journal-based technology to log all changes that are made during a specific period, so that the user can recover data from any point-in-time, right down to the second. Cloud-to-cloud backup ensures the security of all Microsoft 365 data, including Exchange, Teams, Sharepoint and OneDrive. It also enables businesses to access their data even if their SaaS application is experiencing downtime. Zerto automatically retains all Microsoft 365 data for 12 months, but customers can set the retention period as needed with no limits. Restoration options span from full recoveries to granular data points, and with the Search & Restore feature, users can locate and restore data via a simple keyword search.
Deployed in the cloud, the solution is easy to set up and configure, with no on-premises installation required. We recommend Zerto for larger enterprises looking for all-in-one protection and disaster recovery for their Microsoft 365 data.
Best MS Office 365 Backup Solutions Comparison
At a Glance
- Veeam (on-premise) software is the most complete Microsoft (Office) 365 backup solution, followed by (cloud services) Afi.ai and Spanning
- This comparison includes top 9 tools out of 40+ total vendors on the market. Backup/restore reliability, support quality and feature sets are the main factors that we analyzed.
To make this comparison we used feedback from our customers and partners who installed each solution and used them for 2+ weeks to evaluate each M365 backup option.
Afi.ai itself develops a Microsoft (Office) 365 backup platform (see the product if you’re interested). We attempt to remain as impartial and objective as possible, and we hope that you will find this review useful when evaluating your options (in the absence of Microsoft 365 backup bencmarking analysis published by independent analysts).
Why O365 Backups Are Imperfect
Microsoft 365 consists of multiple interconnected applications and distinct data types. Backup applications pull this data from O365 using Microsoft APIs.
Importantly, Microsoft does not provide a single unified API to access all M365 applications & data. Backup vendors have to rely on a combination of multiple new and legacy APIs to backup and restore the Office 365 data that it accessible (and ignore the data that is inaccessible via the APIs).
Because of frequent M365 updates, it is time-consuming and expensive to support every data type. M365 cloud backup vendors instead focus on a subset of Microsoft 365 applications that they consider to be the most relevant. These priorities differ from vendor to vendor, and the quality of the implementation differs as well.
No vendor backs up all O365 data due to API limitations; backup accuracy & restore fidelity differ greatly across vendors
The quality and completeness of O365 backup therefore varies greatly among vendors mostly because:
- Tech legacy & historical reasons resulted in not just one single API for Microsoft 365, but a combination of a few
- Existing APIs are limited and some M365 applications have no dedicated APIs (e.g. Teams that have to be backed up “indirectly” can can’t be restored)
- Frequent updates to M365 mean that new data types are constantly being added; M365 backup vendors need to make additional effort to support them
We assign a Backup Fidelity score for each vendor in this review to assess how accurately their tool backs up O365 data, and how many O365 data types it supports. In addition to O365 Backup Fidelity we include 9 other metrics (see the next section) which together assess the most relevant capabilities of MS Office backup tools.
O365 Backup Features Checklist
Most tools provide the same basic O365 backup features that include support of Exchange, OneDrive & SharePoint data types, automated (scheduled) backup runs, and the ability to export/restore data back to O365 user accounts.
Where the solutions differ greatly is the accuracy of the O365 data backup, the granularity of their restore options and the reliability. We analyzed 10 critical capabilities summarized below.
Critical Microsoft 365 backup features include 10 capabilities that reflect solutions’ reliability, security, feature set and cost
Best O365 Backup Solutions
We believe that Veeam, Afi and Spanning have the best Office 365 backup solutions.
Other products we reviewed offer less in terms of the backup scope, accuracy, reliability and backup management features. Relevant missing features in most solutions include (absent) support of Exchange public folders, no email archive backup and inadequate roles/access control settings.
Veeam (1st place) offers an on-premise solution and holds 27% market share; Afi SaaS backup (2nd place) and Spanning (3rd place) are both cloud-based solutions
Veeam Office 365 Backup
Veeam has intuitive UI and wide range of supported O365 data sources, including Teams data sources (Chats, Channels and Teams Sites). It is also one of the only two Office 365 backup tools that provide full-text search capabilities for Exchange Online.
Veeam has the most complete O365 support, but the traditional software approach has limitations and hinders its adoption
Veeam solution is sold as traditional on-premise software. It needs to be installed on a Windows machine and be connected to a storage repository. This deployment model enables greater control but is often less desirable for organizations aiming to minimize the complexity associated with the need to maintain and manage server and storage infrastructure.
The Veeam (on-prem) software deployment model is as cloud solutions, and when the number of O365 users exceeds around 4,000 it may be hard to use. The initial backup for an organization with 4,000 users and approx 80TB in M365 storage may take 3+ weeks, and the software will require a powerful [=expensive, with flash storage and lots of RAM] server to perform even regular incrmental backups afterwards.
To use all Veaam features you will need to install additional applications and libraries, including Veeam Explorer for SharePoint, Veeam Explorer for Exchange and Veeam Explorer for Microsoft OneDrive for Business (these are required for backup preview). To use indexed search for Exchange you will also need the Extensible Storage Engine library installed on your backup server.
Afi is the sponsor of this review. We will not provide a detailed product description in this blog post (see the
if you’re interested).
In short, we believe that Afi O365 backup is second only to Veeam; its unique features include integration with Azure AD (enabling protection management by O365 user groups), cloud-based full-text search and AI-powered anti-ransomware.
Spanning is #3 and it offers a Microsoft 365 cloud backup service with advanced features such as customer-managed encryption key, audit log and out-of-the-box integration with Kaseya RMM.
The solution showed strong backup/restore speed (3.5 MB/sec) in the test, with average reliability (95% success rate).
Spanning disadvantages include incomplete SharePoint backup support (web pages can’t be restored correctly, document library files can’t be exported offline) and partial Teams backup (only team sites are backed up, without Chats or Channel conversations).
Veeam Software Details
O365 Backup Fidelity
Veeam backs up all key O365 applications, including Exchange Online, SharePoint and OneDrive. It accurately retains data from all Exchange mailbox data types (Notes, Tasks, shared email folders and Skype conversation history).
The solution backs up Shared mailboxes (shown as separate resources in the domain list of users & Sites), as well as the Classic (legacy) SharePoint Sites.
Veeam provides full support of Teams backup, including Teams Sites, Channels and 1-1 Chats backup (restore back to M365 is unavailable due to M365 API limitations).
The system limitations include lack of support for OneDrive shared files (the files shared between O365 users are ignored when the recipient users are backed up), and incomplete support of Teams Lists – they are included in backups, but Veeam restores them as binary files that cannot be red by M365.
Veeam uses traditional backup schedules approach to manage backups. Admins need to configure the time and frequency of each backup schedule and specify which resources should be backed up. While this approach provides greater control over the backup process, it is no longer used in modern cloud Office 365 backups as it creates management complexity and overhead.
A newer SLA-based approach to backup management (used in Afi and some other modern Office 365 backup options) enables to set protection settings (backup frequency and type of resources that need to be protected) without the need to manage the exact time of backups.
The system lets you configure auto-protection for the entire domain. However, it will only work if you have enough spare licenses inventory purchased in advance.
Access Control & Audit
Veeam has more limited access control settings compared to any cloud Office 365 backup because of the limitations inherent in the on-premise deployment model (Veeam needs to be installed as a Windows app).
The system has no web-based management interface and in order to manage backup & recovery the administrators should remotely connect to the server where Veeam O365 backup is installed.
Veeam does not have configurable admin roles or permission settings, and access to backups can only be limited at the Windows sever level (all who have access to the machine will have equal access to backups).
Similarly to admin roles, Veeam has no user self-service capabilities because access management is not implemented at the level of the backup software.
Only a limited set of Veeam system events are logged, with no audit trail recorded for data preview & browsing operations or application access. The events that the system does log only identify the account used to sign in Windows, with no authentication implemented at the Veeam application level.
Search & Backup Preview
Veeam enables backup data preview for Exchange mailboxes as well as OneDrive and SharePoint sites backups. To use it you need to install three additional local software tools (Veeam Explorer for SharePoint, Veeam Explorer for Exchange and Veeam Explorer for Microsoft OneDrive for Business).
The system lets you compare backed up version with the current state of the mailbox (for example, to find deleted or moved items), which accelerates the recovery in many cases.
Unlike virtually all systems (except for Afi), Veeam enables full-text email search in backup data using the Extensible Storage Engine library that needs to be installed locally.
Restore & Data Export
Veeam restore works reliably (93 of 94 mailbox and OneDrive recovery attempts completed without errors).
Every restore operation requires a password (either O365 admin account or Azure application password depending on the authentication mode, see deployment details), which slows down the restore process.
Because the software is installed locally, it can only export data to the local Windows machine where Veeam is installed. Mailbox export in PST format requires MS Outlook installed on the server.
Reporting & API
There is no web-based reporting since Veeam only provides local UI, but you can generate protection status and backup job reports in PDF.
You can also connect Veeam O365 Backup to Veeam Backup and Replication (their flagman product) to get high level summary for backup and protection status, reported along with metrics for the rest of your on-premise infrastructure.
The system has REST API, as well as PowerShell command line interface, which enables scripting & automation (available locally; you need to set up PowerShell Remoting to enable execution of scripts remotely).
Veeam Office 365 backup solution has no email notification capabilities since it cannot connect to an SMTP server. Given that it is an on-premise system that requires monitoring and maintenance we believe that the email notifications are a must. One way to implement the notifications is to install Veeam Backup and Replication (VBR) separately (licensing cost is approx. $400 per year for Starter edition). You will then be able to connect Veeam O365 with VBR, which in turn can be connected to an SMTP server.
Performance & Reliability
Veeam backup speed and success rates are slightly above the averages. The backups are completed at 2.3 MB / sec, and the backup success rate averaged at 98% (the few errors that happened were due to network connectivity).
Veeam network connectivity error message
Upon the initial set up the discovery of SharePoint Sites took approx. 3 hours, which is an unusually long time for a domain with only 13 users and 5 Sites.
Without the Extensible Storage Engine library the search functionality works very slow even for small accounts (5+ minutes for a 3 GB mailbox).
Deployment & Maintenance
Veeam software must be downloaded and installed manually. The installation requires a physical machine or a VM with a Windows Server, in addition to a storage repositary (local or cloud). Veeam supports AWS S3, Azure Blob (only Premium, Hot and Cool options) – Archive tier is not supported, and other S3-compatible storage.
The system can be configured to store backups in multiple backup storage destinations. You will need to create multiple backup schedules and specify different backup storage locations (each backup schedule can store data in a single storage location).
In order to connect Veeam to O365 you will need to manually configure authentication and access permissions, which requires some technical expertise. In short, you should create a custom Azure application with an access certificate and then assign administrator access roles to the application O365. Veaam O365 backup will use this Azure application to securely connect to your O365 account. Alternatively, there is a less secure legacy connection option (you’ll need to type O365 admin credentials in Veeam O365) which is easier to implement.
Licensing & Cost
Veeam licenses can be purchased in bundles of 10 . The price per one license is $18 annually (so the minimal purchase is $180). The software is free for less than 10 protected users.
One Veaam license is required for every O365 user and Shared mailbox. All users who have access to SharePoint Sites must be licensed to backup the Sites. This effectively means that you need to license all users in the domain in order to backup SharePoint Sites.
At $18 annual cost Veeam is 40% cheaper than most Office 365 cloud backup services (around average $30 annual license cost). However the total cost of a DIY Office 365 backup solution based on Veeam software will also include infrastructure costs and approx. 60% of a full-time employee (FTE) to monitor & maintain it.
Cost components of DYI (do-it-yourself) Microsoft 365 backup set up based on software licenses
The total do-it-yourself solution based on Veeam software would therefore cost $42 per user per year cost. However, the reliability of the solution would likely be lower than most cloud backup services, since the set up does not account for geo-redundant backup storage, anti-malware protection, or highly-available backup server or auto-scaling.
With these economics, Veeam solution makes sense if you already have in-house IT team that is underutilized and the Veeam backup monitoring and management efforts will utilize spare capacity.
Afi Backup Details
Afi is the sponsor of the research. We will not assign the scores to avoid being too biased, but we will provide a short overview of the features.
O365 Backup Fidelity
Afi was developed from the ground-up to support Office 365, however it is still subject to Microsoft API limitations (or the absence of thereof for some M365 applications).
Afi Microsoft Teams support includes Channels messages (public AND private), Channel attachments, 1-1 chats, team wiki and team sites. Teams chats data can be backed up and available for online search, preview and export (in a convenient html/xml format), however the messaging data cannot be restored back to O365. Please check out blog post if you want to learn more about Microsoft Teams Backup and related limitations.
Afi backs up modern and legacy SharePoint sites (unsupported by many vendors), as well as Shared mailboxes. One current limitation is backup of Exchnage online archive (the feature is planned to be rolled out in Nov 2020).
Afi is the only vendor that enables M365 user group-based backup management – you can use your Azure AD group structure to browse your resources and assign protection to existing or new users/sites/shared mailboxes.
Afi Azure AD-based O365 resource view
Access Control & Audit
In addition to industry standard capabilities (support of 2FA, MS SSO), Afi has custom admin roles which help configure limited backup operator access (IT staff with permissions to restore data & manage backups, but not able to view backups contents). Afi can also be configured to limit M365 super admins’ backup access.
Afi audit log captures all data preview, configuration and backup operations, in addition to session details (which includes WAN IP address).
Afi admin roles, user self-service configuration and Audit log
Backup Search & Preview
Afi provides real-time backup data preview and instant export/downloads (no need to request export and wait until a download link is generated), all data can be exported instantly in Afi.
Afi online backup preview and download options
Deployment, performance and reliability
Afi is a relatively new platform; it was developed in 2016-2017 (5-10 years later than most solutions on the market). It was built from the ground-up for the cloud and is deployed as a distributed container-based application in GCP and AWS. With 5.8 MB/s backup speed Afi is 2-3x faster than other services.
O365 Backup Fidelity
In addition to the standard data sources (Exchange Online, OneDrive, SharePoint sites), Spanning offers partial backup of MS Teams (limited to Team Sites) and backup of Skype for Business Conversation History.
Spanning SharePoint Sites backup is limited in that it cannot recover page libraries correctly. Spanning resotres webpages as plain aspx files that cannot then be opened by O365 SharePoint. Teams Wiki pages backup is limited in the same way.
Microsoft Teams backup includes Team Sites backup, however team channels, 1-1 messaging, team calendar, OneNote and team shared mailboxes are not supported.
Spanning does not let administrators select backup frequency or create custom backup policies by selecting applications to be excluded or included in backups. It performs automated backups once a day (while the 3x daily backup frequency is a de-facto market standard).
O365 Groups cannot be used for policy assignment and backup configuration. Only per user protection settings are available, which may be a problem for domains with 100+ users.
Spanning does not have auto-protection settings for newly created users or sites.
Access Control & Audit
All Spanning admins have equal rights without the option to configure limited roles for IT help desk technicians or restore operators (having the privileges to restore user data without the ability to see the contents). Only administrators can execute backup & restore operations, with no user self-service option.
The system keeps a detailed audit log of backup operations.
Backup Search & Preview
Spanning provides metadata search for Exchange Online, Drive, SharePoint backups. OneDrive and SharePoint document libraries directory structures can be navigated in order to locate the required file/folder. The system has no online preview for emails, contacts or calendar events.
Restore & Data Export
File restore from user OneDrive to SharePoint Document Libraries (or the other way around) is not supported.
Spanning cannot restore correctly the SharePoint web pages. They are instead restored to Document Libraries as binary aspx files (which MS SharePoint online cannot read correctly). Spanning does not support offline data export for Calendar and SharePoint backups.
Reporting and API
Spanning provides an API for licenses management, as well as a pre-built integration with Kaseya RMM (which owns Spanning).
To track O365 protection status Administrators need to export and process system events log offline (the system does not provide a summary online.
Deployment & Maintenance
Spanning provides a 100% cloud-based service hosted in AWS. It offers 3 storage locations that can be selected upon sign up (US, Ireland and Australia).
One interesting capability that the system provides is the customer-managed certification keys for data encryption (via AWS key management). This is an advanced option that enables customers to take full responsibility over the backup encryption, and revoke Spanning application access to the backup data at any time. This introduces an additional data security layer (all other vendors manage the encryption keys of the behalf of their clients). It is typically used by large enterprises subject to special compliance requirements.
Licensing & Cost
One backup license is required for every O365 user or a Shared mailboxe. SharePoint backup is not licensed separately and can only be protected if 90% of users in the domain are licensed.
License management module is easy to use and straightforward, with options to license individual users or all domain users in a single click.
Performance & Reliability
Spanning application showed fast backup speed (3.2 MB/sec), with its backup success rate (94%) in line with the industry average.
In some cases the on-demand backup jobs manually initiated by administrators may start with significant delays, seemingly at a random time (it takes from 15 minutes to 24 hours for a backup to start).
Other Solutions & Final Thoughts
Eight other O365 backup solutions that we reviewed provide more limited feature sets and less complete Office 365 support.
SkyKick (#4 in the review) solution is focused on Office 365 backup resellers, featuring modern and fast UI. However it has the same O365 data types support limitations as Spanning, the system has no offline export capabilities and uses legacy authentication (adds security risks, and requires 5 additional O365 accounts). SkyKick restore operations are single-threaded (making them very slow) and it provides no customer access to backup management (only MSPs can use it on behalf of their clients).
Frequently asked questions
1. Does Office 365 back up your data?
Microsoft does not provide a backup and restoration feature for your Office 365 data. Microsoft only provides retention policies to protect your data, but there are limitations. When a retention policy is applied to your Exchange Online mailboxes, or SharePoint Online and OneDrive for Business sites, end users cannot delete items in their mailboxes or sites. This can drastically increase the size of your mailboxes and sites over time. That’s why you need to invest in a third-party backup solution and even Microsoft recommends it.
2. Do SharePoint Online and OneDrive for Business provide backup and restoration features?
No. Microsoft periodically backup all files and folders in your SharePoint Online and OneDrive for Business sites as a part of its contingency planning. These backups are used to restore data to your SharePoint Online and OneDrive for Business sites in case any of Microsoft’s data centers are damaged. However, these backups cannot be used to restore your data when you might need them. Deploying a third-party solution that can back up all files in your SharePoint Online and OneDrive for Business sites is recommended by Microsoft.
3. How long do deleted items stay in Exchange Online?
When Exchange Online mailbox items, such as email, contacts, journals, notes, posts, and tasks, are deleted, the deleted items are held in the Recycle Bin for 30 days. Calendar entries are retained in the Recycle Bin for 120 days.
4. Can you recover deleted emails from Office 365?
Deleted emails are retained for 30 days and can be recovered by the administrator. Beyond this time period, they cannot be recovered unless you deploy a third-party backup solution for your Exchange Online mailboxes. An Exchange Online backup and recovery solution like RecoveryManager Plus allows you to restore deleted emails no matter when they were deleted.
5. How long do deleted items stay in SharePoint Online and OneDrive for Business?
Deleted items in SharePoint Online and OneDrive for Business sites are retained for 93 days and can be restored by the administrator.
6. Can you recover deleted items from SharePoint Online and OneDrive for Business?
Deleted items in SharePoint Online and OneDrive for Business sites are retained for 93 days and can be restored by the administrator. After 93 days, administrators can submit a request to Microsoft to obtain a copy of the data from an earlier backup within the next 14 days. Microsoft cannot provide you with a copy of the item. Restorations from backups can only be completed for site collections or subsites, not for specific files, lists, or libraries. Also, a service-level agreement does not apply to requests made after the 93 days, so it might take a long time for Microsoft to provide the data you require.
What is the retention policy in Microsoft 365?
Microsoft 365 retention policies and capabilities are varied across its numerous services and tend to change with some frequency. While each service comes with a default, retention policies can be customized by administrators and are often used by organizations to manage and govern their data by establishing a preferred schedule of retaining and deleting content. This practice, however, does little to absolve organizations from their data protection obligations.
How do we change the retention policy in Microsoft 365?
Retention policies can be applied in a variety of manners depending on the retention and deletion needs of an organization. They can be set to apply across an entire tenant or configured to affect only certain users and/or locations. Similarly, policies can be applied across all content types or restricted to content meeting specified conditions. For more detailed information on Microsoft 365 retention policies and how to manage them.
How long does Microsoft 365 keep emails?
The default retention setting for all messages and folders within Microsoft 365 is “Never Delete”. As such, Microsoft 365 emails and the contents of which should remain accessible unless acted upon by the user or systematically deleted via custom retention policy. In other words, Microsoft 365 has no stated policy of deleting emails automatically once they reach a certain age.
How long does Microsoft 365 keep deleted emails?
In the event that an email is deleted, it is first moved to the Deleted Items folder, which also has an unlimited retention setting. Items can be manually restored by the end user from the Deleted Items folder. If an item is deleted from this folder it moves to the Recoverable Items folder, which has a retention period of 14 days (admins can extend this period to a maximum of 30 days). Users and admins can recover items from this folder one at a time via a process known as Single Item Recovery. Once an item exceeds the retention period or is further deleted, it is moved to the Purge Folder.
Can you recover purged emails?
Emails that have reached the Purge Folder will be retained for a maximum of 14 days. From here, only admins are able to use the Single Item Recovery feature to recover items for their end users. Once the 14-day retention period expires, items are permanently deleted from the tenant and become unrecoverable if a backup solution is not in place.
What happens to inactive Microsoft 365 accounts?
Microsoft 365 accounts are generally rendered inactive in the wake of an employee’s departure or extended absence from an organization. An admin will often choose to remove this account in which case the user’s data and account become restorable for a 30-day period before it is permanently deleted. In order to avoid critical data loss, the admin should consider what they want to do with the license moving forward and how they would like to deal with the departed user’s OneDrive and email content before deleting the user (removing the account) from the organization.
Can deleted Microsoft 365 accounts be recovered?
If a Microsoft 365 user account is deleted from a tenant there is a 30-day window to restore the account and all associated data. This 30-day period in known as the “soft deleted” state and there is a documented process (dependent on the manner of deletion) by which an admin may fully recover the user account. Once this 30-day retention period expires, the account is permanently deleted (hard deleted) and cannot be recovered if a backup and recovery solution is not in place.
Why should we back up our Microsoft 365 data?
Microsoft has taken extensive measures to alleviate the risks of data loss within Microsoft 365 and has put safeguards in place to ensure your data’s safety from any fault on their behalf. However, they cannot protect you from the actions of your users and threats beyond their control that constitute the majority of data loss events.
Even with an SLA that promises to keep your data accessible 99.9% of the time, they make no guarantee that their services are immune from disruption and “recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.” The bottom line is that the safety of your Microsoft 365 data is your responsibility and Microsoft alone cannot defend you from data loss.
✅ Technology ⭐️⭐️⭐️⭐️⭐️