The Microsoft 365 suite provides a valuable set of business tools and assets that millions of people around the world rely on to accomplish their day-to-day tasks. These include popular services like Word, PowerPoint, and Excel, as well as the Exchange Online email messaging platform, OneDrive® cloud-based file storage, and SharePoint cloud collaboration tool.
Microsoft 365 (formerly known as Office 365) combines the accessibility and ease of use of the company’s tried-and-true programs with the benefits of cloud-based computing. This enables users to share and access files when working at the office, at home, or from different devices. However, because cloud-based computing inherently increases the surface area of a networked environment, the ease-of-access these solutions provide can also expose to an increased number of security risks.
One primary point of concern for many managed services providers (MSPs) is ensuring that data and assets are securely backed up. While Microsoft services and infrastructure have a strong reputation for high availability and reliability, the native security features of aren’t always enough to demonstrate compliance with data security standards. For instance, Microsoft 365 does not include backup solutions or self-service options for data recovery, nor is the company responsible in situations when hard deletes, deprovisioned accounts, or other site-specific recovery errors lead to potentially permanent data loss.
The limited options for reliably backing up data within the platform create a significant lack of IT oversight—which should be cause for alarm for MSPs. With end users looking to you to shore up their data security, keeping customer systems protected to prevent data loss requires a third-party backup solution. However, not all Microsoft 365 data tools are created equal. In this piece, we’ll touch on a few key criteria to look out for when selecting your software, as well as a few of our favorite tools that pass the test.
1. Focus on what you can control
When it comes down to it, the Microsoft data centers are ultimately outside the jurisdiction of your MSP. Instead of worrying about how you can’t control customers’ data, focus on the variables youcan control. In practical terms, this means providing backup services and data protection to customers to augment and expand upon the built-in features.
By providing your own services to customers, you can develop security strategies and define security policies for your customers to keep them safeguarded against a wide range of sources of data loss. Whether you’re dealing with an employee who accidentally deletes a file or a bad actor who launches a sophisticated malware attack, offering these additional services can protect your customers while they use third-party platforms.
2. Configure retention periods
While Office 365 does offer some retention options for deleted items, the platform is fairly limited when it comes to enterprise data backups and archiving. Exchange, for instance, retains items in the Deleted Items folder for 30 days before purging the files or messages permanently—but there is no data restoration feature in place. Once a file is gone, it’s gone for good.
That said, the Exchange admin center does allow MSPs to adjust these retention periods to match the specific needs of your customers’ security policies, whether that is a few days or a few years. Outlook® emails by default have 14-day backup periods, which can also be adjusted with administrative authorization.
There are a few limits to this functionality, though. While you can apply it to all Outlook email accounts, global administrator accounts with eDiscovery permissions are the only ones with the ability to restore deleted items. Recovered emails can be held for a specified duration or according to certain search filters (with a feature called Litigation Hold). This is a useful capability for MSPs to have in their toolbox, but the process of restoring items quickly becomes time-consuming, and therefore should not be relied on as the primary means of data recovery.
3. Adjust the OneDrive recycle bin to match
The collaborative element involved with OneDrive introduces an element of complexity, which can increase the likelihood of data loss if not properly accounted for. This is because OneDrive, in the process of tracking and managing edits from multiple users across multiple files, only retains the latest version of each file.
OneDrive does include a recycle bin feature, which stores the outdated file versions for 90 days by default and allows for previous file versions to be quickly restored as needed. Similar to Deleted Items folder in Exchange, you can configure the OneDrive recycle bin to hold onto older file versions for longer periods to better align with data security policies.
4. Deprovision strategically
When end users (employees) move on from your customer companies, a few things need to happen—one of the most important being that their user accounts need to be stripped of privileges to prevent them from potentially impacting business operations. This is especially important if the parting is not amicable or voluntary, or if the employee was involved in unauthorized access of restricted or sensitive resources. Depending on the specifics of your customers’ data security strategies and policies, you may retain these deactivated accounts for some time before deleting them to help ensure you don’t lose anything critical in the process.
This carries over to the employee’s various accounts as well, including Microsoft 365 subscriptions. You can choose to close a subscription for a former employee, but neither you nor your customers have any say over when it ultimately purges the account. The limited access window you have for these accounts is crucial to keep in mind—if a deactivated Microsoft 365 subscription leads to data loss, it has the potential of putting you at risk of violating retention policies.
5. Implement additional backup services to support your customers
While these tips are largely geared toward getting the most out of the native features and making them work for you, the more permanent and sustainable option is to find a software solution that provides comprehensive backup and archiving capabilities. The software you choose should help you support all services your customers utilize. The good news is that many third-party vendors provide multi-tenant software-as-a-service (SaaS) solutions that can seamlessly integrate with Microsoft 365.
How to select an email protection and backup tool
There are quite a few options out there built specifically for MSPs, so here are a few considerations to keep in mind while you are weighing your options:
- Is the software straightforward to use? Make sure whatever tools you employ are solutions you can use effectively. Ideally, this means finding a software solution that provides backup protection for all customer workloads, rather than just Microsoft 365 data. Streamlined configuration and maintenance are two other elements to keep an eye out for in your search.
- Does it make your job easier? The goal for MSPs is not to need a different security or solution for each of your customers’ services. Finding an all-in-one tool that enables you to consolidate your customer backup and recovery needs into a single management system will help you save on time and costs, while also reducing the complexity of strengthening data security.
- Does it keep data secure? Look for tools that prioritize security, especially those that keep data encrypted both in transit and at rest. Software that incorporates artificial intelligence or machine learning to provide increased protection against new and emerging ransomware threats is also integral to preventing your customer data from becoming compromised.
- Does it allow you to search for individual files? While full restores are an important feature, the reality is that most backup-related activities are simply focused on recovering one file. Rather than having to restore a complete image backup of a workstation to access one deleted item, the ability to search and restore emails and files is a key feature that MSPs should prioritize.
Regardless of which of these considerations you take into account, the point is that there are quite a few options on the market for you to explore. Knowing the specific features and capabilities you are looking for going into your search will help you find the right tool (or set of tools) that allow you to properly support your customers.
If you’re still not sure, we recommend going with the trusted products offered by N-able. Their cloud-based tools N-able™ Backup, Mail Assure, and RMM are designed specifically to meet the needs of MSPs, and can integrate with each other to offer a seamless technician experience. N-able Mail Assure offers comprehensive email security, archiving, and business continuity solutions, while N-able Backup offers consolidated backup and recovery management for user, workstation, and server data—including Microsoft 365 assets. Both of these tools can be integrated with N-able RMM for one powerful dashboard that technicians can use to gain full visibility into their customers’ environments.
Products from N-able (formerly SolarWinds MSP) are known not only for seamlessly integrating with each other for greater visibility in system operations, but also for offering a high degree of customization. This allows MSPs to tailor the backup and recovery solutions you provide customers to specifically meet their needs and policies—while also helping prevent data loss from Microsoft 365 accounts and files.