Microsoft 365 Backup: Protect Your Cloud Data from Deletion and Ransomware

Microsoft's Shared Responsibility Model

Microsoft operates on a shared responsibility model. Microsoft is responsible for the availability and integrity of the Microsoft 365 infrastructure — the datacentres, the network, the application platform. You are responsible for your data — protecting it, managing access to it, and recovering it if it is accidentally or maliciously deleted. This is stated clearly in Microsoft's service terms, but many businesses are unaware of this distinction when they adopt Microsoft 365.

Transport and warehousing has the lowest MFA adoption at just 42% of users — a critical gap in a sector increasingly targeted by ransomware. (Okta)

KNP Logistics Group — a 158-year-old UK transport company operating 500 lorries under the Knights of Old brand — was forced into administration in September 2023 after the Akira ransomware group encrypted all data via a single weak employee password. The ransom demand was estimated at £5 million; KNP was unable to pay, leading to 700 job losses. (Motortransport)

Legacy authentication left enabled "just for that one app" — despite being the vector for 99%+ of password spray attacks (Thehackernews)

Microsoft's recycle bins and version history provide limited short-term recovery options — typically 30 to 93 days depending on the service. Beyond these windows, permanently deleted data is not recoverable without a dedicated backup solution. A ransomware attack that encrypts SharePoint files may also exhaust or corrupt version history within the recovery window before the attack is detected.

What Can Be Lost Without Backup

The most common data loss scenarios in Microsoft 365 environments involve: accidental deletion of mailboxes, SharePoint sites, or Teams — particularly during offboarding of departing staff; bulk deletion or corruption of files by ransomware that has gained access to a user's OneDrive or SharePoint via compromised credentials; accidental overwrites of important documents where version history does not extend back far enough; and data deleted by a disgruntled or departing employee before access is revoked.

In each of these scenarios, Microsoft's built-in recovery tools may be insufficient. A dedicated backup provides a controlled, verifiable point-in-time recovery option that is independent of Microsoft's retention policies.

What AMVIA's M365 Backup Covers

AMVIA deploys a dedicated Microsoft 365 backup solution covering Exchange Online (email, calendar, contacts), SharePoint Online, OneDrive for Business, and Microsoft Teams (channel posts and attachments). Backups run multiple times per day, providing a granular recovery point that limits data loss even if an incident is not discovered immediately.

The backup data is stored in a separate cloud environment, isolated from your Microsoft 365 tenant. This separation means that a compromise of your M365 environment — including a ransomware attack on SharePoint — does not affect the backup copy. Recovery is possible at the item level (individual emails or files) or at the full mailbox or site level, depending on the recovery scenario.

Ransomware and the Case for Immutable Backup

Ransomware increasingly targets cloud storage alongside local file systems. OneDrive and SharePoint sync means that ransomware on a user's device can propagate encrypted files to cloud storage, replacing clean versions. If this propagation exceeds the version history depth, recovery through Microsoft's built-in tools is limited.

AMVIA's backup solution retains multiple point-in-time copies of your data independently of Microsoft's version history. This allows recovery to a point before the ransomware encryption began, rather than to the earliest available version in OneDrive — which may already be encrypted.

Compliance and Legal Hold

Many businesses have data retention obligations — regulatory requirements to retain email records for a defined period, or legal hold requirements for ongoing or anticipated litigation. Microsoft 365 includes compliance tools for this purpose, but they require proper configuration and management. AMVIA reviews M365 compliance configuration alongside backup deployment to ensure retention policies are correctly aligned with your obligations.

Where a dedicated, long-term archive is required beyond Microsoft's built-in retention capability, Barracuda's email archiving solution can be added as a complement to the standard backup service.

Recovery Testing

A backup that has never been tested is a backup of unknown reliability. AMVIA conducts periodic recovery tests — restoring a sample of mailbox or file data to confirm the backup is working correctly and that recovery procedures are understood. Recovery test results are documented and included in the service record, providing evidence of data protection capability for compliance and insurance purposes.

AMVIA's Managed Backup Service

AMVIA configures, monitors, and manages the backup service. Backup job success is monitored daily via AmviaIQ — failed backup jobs are investigated and resolved without requiring you to check a dashboard. Monthly reports confirm backup job success rates, data volumes protected, and any incidents. Recovery requests are handled by AMVIA's support team, typically completing item-level recoveries within a few hours of a ticket being raised.