Imagine your company is targeted by hackers. Suddenly, the data in your Microsoft 365 Cloud is no longer secure. The big question then is: How do we get the place up and running again as quickly as possible? You might think, “Oh, Microsoft has a backup function, let’s just load the backup.” Not quite. What Microsoft offers as a ‘backup’ does not necessarily correspond to what we imagine it to be.
Wie bei vielen Themen rund um die IT-Sicherheit, muss man sich VOR einem Sicherheitsvorfall auf den Ernstfall vorbereiten.
Genau dabei soll dieser Blog helfen: Wir geben Ihnen einen Überblick über das, was Microsoft selbst anbietet und empfiehlt, und zeigen Ihnen dann unsere bewährten Methoden für Backups.
What does Microsoft offer as an M365 backup?
Until now, Microsoft only offered a simple backup solution for OneDrive, which was mainly suitable for restoring accidentally deleted files. However, a comprehensive backup that fully backed up and quickly restored all areas such as SharePoint, communication channels or Microsoft Teams was missing. This meant that companies could not rely solely on the standard backup functions to ensure their operational capability in emergencies.
However, Microsoft has been offering a fully-fledged backup service since 2024, thereby expanding its portfolio. Microsoft’s new backup offering may offer additional functions, but the late start also brings disadvantages. While Microsoft is just getting started, other providers have optimized their solutions over the years and made them more user-friendly. They offer sophisticated features and intuitive operation that companies appreciate.

Microsoft first has to catch up here, which is reflected in the complexity and sometimes cumbersome handling of the new backup functions. This means for companies: While other solutions are already tried and tested and efficient, Microsoft’s offering could still face teething problems.
Depending on the backup requirements and the size of the company, a third-party model that charges per user could be an attractive alternative, as Microsoft sets its prices per TB.
The 3-2-1 method for backups
A proven standard in data backup is the 3-2-1 method. This strategy recommends creating three copies of your data, stored on at least two different media. One of these copies should also be in an external location – ideally geographically separated from the others to prevent data loss in the event of local incidents.
Microsoft offers a highly developed infrastructure with strong geo-redundancy, which means that the probability of a complete system failure is low. These redundant systems make a significant contribution to data security. Nevertheless, a residual risk remains: a comprehensive cloud outage or a targeted attack could potentially affect all copies in the Microsoft ecosystem. Companies that focus on maximum security should therefore check whether additional backups outside of the Microsoft cloud make sense in order to fully comply with the 3-2-1 strategy.

Who is responsible – External M365 backup a recommendation from Microsoft?
Microsoft 365 offers a certain level of protection and geo-redundancy for your data. However, there is often a misunderstanding about Microsoft’s responsibility and the user’s actual responsibility for the protection and long-term retention of their Office 365 data. It is important to understand that backup and recoverability protection from Microsoft is not the same as a comprehensive backup concept.
Microsoft 365 geo-redundancy protects against site or hardware failures to ensure that your users can remain productive. However, it does not necessarily guarantee comprehensive protection and direct access to backups.
It is crucial to assess control over your data and ensure that you have direct access and control over your backups. A backup is made by creating historical copies of your data and storing them in a different location. This allows you to restore it quickly in the event of data loss, accidental deletion or malicious attacks. Microsoft 365 does not provide sufficient protection against the latter in particular for most use cases.
The responsibility clearly lies with the company and the users. In fact, Microsoft itself recommends that users back up their Microsoft 365 data. This underlines the importance of a comprehensive backup concept.
The recommendation can be found in the Microsoft service contract.

It is essential to understand the priorities of different companies. For Microsoft, for example, data backup is merely a complementary aspect of their service offering. On the other hand, for a company that focuses on backup solutions, the user-friendliness and functionality of their backup services are of paramount importance.
But how exactly is my backup and how can I assure my business customers that I am GDPR-compliant? To have all compliance-relevant add-ons available at Microsoft level, you have to dig deep into your pockets. Backup providers based in Germany, on the other hand, offer their solutions with GDPR Conformity .
More security and better backups
We have familiarized ourselves with some backup providers and have been able to identify a few aspects that can help you find the right product for you.
Proof of concept presentation and free trial month
Get to know our backup and security solution for Microsoft 365! In a free initial consultation, we will introduce you to all the functions and then set up the solution individually for your company. You can test it for a month without obligation and then decide whether the solution meets your requirements. If not, you will not incur any costs. Arrange your free initial consultation now and make your data fully secure!
Buchen Sie jetzt eine
kostenlose Erstberatung!
kostenlose Erstberatung!
Mit meinem Klick auf „Jetzt Termin vereinbaren” erteile ich freiwillig meine Einwilligung in die Verarbeitung meiner personenbezogenen
Daten zu Zwecken der Kontaktaufnahme. Ich kann die datenschutzrechtliche Einwilligung jederzeit mit Wirkung für die Zukunft widerrufen. Durch den Widerruf der Einwilligung wird die Rechtmäßigkeit der aufgrund der Einwilligung bis zum Widerruf erfolgten Verarbeitung nicht berührt. Mit meiner Handlung bestätige ich ebenfalls, die Datenschutzerklärung und das Transparenzdokument gelesen und zur Kenntnis genommen zu haben.
Leave A Comment