How to back up Microsoft 365 data

Microsoft 365 (formerly Office 365) is a cloud-based platform that allows employees to perform everyday tasks at work, including email, messaging and collaboration. If data is accidentally deleted, Microsoft does provide some minor protection, albeit with limited capabilities. Microsoft actually recommends that customers back up their Microsoft 365 data as part of the shared responsibility model for cloud services.

Organizations face increasingly serious dangers from insider threats to ransomware groups that target cloud services. To mitigate the risk of data loss, a proper backup procedure must be in place that allows the storage and management of cloud data from Microsoft 365 applications.

Below are some popular Microsoft 365 applications and data that can be backed up. 

• Exchange Online: Exchange Online is a centralized email product that Microsoft offers, and the data that you would typically back up includes mailboxes, emails, calendars, contacts, tasks, notes and folders.
• SharePoint Online: SharePoint Online is a browser-based document management and collaboration system. You can back up document libraries, files, folders, lists and list items, site pages, sites and subsites, root sites and site collections.
• OneDrive for Business: OneDrive is a cloud storage system that syncs data across devices. You can back up files as well as folder structures of your OneDrive.
• Microsoft Teams: Microsoft Teams is a communications hub that handles chat, voice and video calling. You can back up Teams, channels and tabs.
• Microsoft 365 Groups: This is a membership service that provisions other Microsoft services for better collaboration. You can back up shared mailboxes, calendars, file storage and planning tools.
• Microsoft Planner: This powerful tool allows teams to manage tasks, projects and workflows together. You can back up Planner plans, tasks and buckets.
• Microsoft Entra ID: Entra ID data contains information about identity objects, security access, applications and important relationship data related to access control, authentication and authorization for cloud and on-premises resources.

As we outlined earlier, Microsoft clearly states in its shared responsibility model that it is responsible for infrastructure, and the client is responsible for their own data. Microsoft offers limited retention for deleted items via its recycle bin. For example, Exchange Online data in the ‘Deleted Items’ folder is moved to the ‘Recoverable Items’ folder, where it is held for 14 days by default (though this can be extended to 30 days). 

Native restoration features are limited, and managing files from the Recycle Bin is not ideal. Many organizations operate within industries that are governed by strict regulations like HIPAA, GDPR and NIS2, which sometimes mandate years of retention for certain data types. These requirements far exceed Microsoft’s limited protections, which is why they are not adequate.

Microsoft 365 cyberattacks are on the rise because of the ecosystem's popularity and extensive use globally. Some examples of these threats include the following:

Ransomware

Ransomware attacks are currently one of the most common threats in this ecosystem. Attackers use compromised credentials to launch attacks that encrypt files across the organization’s OneDrive and SharePoint. A recent example is Storm-0501, a threat actor that compromised local on-premises accounts before pivoting to the cloud. From there, data was exfiltrated, files and backups were destroyed, and a ransom demand was made. This incident is not isolated — it is part of a growing trend of cloud-stored data being targeted by ransomware.

Account takeovers  

Account takeovers happen frequently, allowing intruders to delete emails, steal data or launch internal attacks. Without proper backups, organizations lose access to vital communications and documents permanently. 

Human error

Users accidentally delete files from time to time, and deleted files that go unnoticed beyond the default native recovery window cannot be recovered. Accidentally deleting an entire SharePoint site or emptying the wrong mailbox folder can erase months of work if it is not detected and restored in time.

Insider threats 

Insider threats perform targeted and malicious actions against an organization and can delete files without raising any suspicions. Malicious actions from users are difficult to track and result in missing data and lost hours of work.

Organizations have several options for backing up Office 365 data: using manual methods, third-party tools or Microsoft 365 Backup.

Manual exports

Some organizations attempt to set up manual backups by exporting mailboxes to PST files or downloading SharePoint libraries. This method is free, but it is quite labor intensive and does not scale well for large businesses. Manual exports don’t allow for point-in-time restorations unless multiple versions of each manual backup are captured and stored. Recovery is complex and requires PowerShell expertise and manual processes to restore relationships and dependencies. 

Third-party backup solutions

Microsoft recommends using a third-party backup solution for data protection. Some of the advantages that third-party backup solutions offer include granular recovery for individual file restores, encryption and malware scanning during data restoration.

Microsoft 365 Backup 

Microsoft’s native backup solution, a built-in backup tool that can restore elements of OneDrive, SharePoint and Exchange Online, is another option, but as noted above, it has limitations. The service creates restore points with express restore options to speed up recovery times. It uses append-only backup storage as protection against malicious overwrites. 

Initial backups usually take 15 minutes per 1,000 protection units, and the system offers full site and account restoration features. Organizations must evaluate Microsoft’s retention period and granular restoration capabilities against their compliance and recovery requirements before deciding if it is a viable backup solution.

Implementing Microsoft 365 backup and recovery requires more than simply choosing a tool. Organizations need to follow best practices that deal with technical and operational requirements before making a decision. These include the following: 

Backup automation

Manual backup processes are likely to fail when there is a reliance on individual team members to perform them. Automated daily backups provide consistent coverage and run on a schedule. 

Test restores 

Backup validation and testing are fundamental parts of a disaster recovery (DR) plan. Testing of your backups should be scheduled every quarter, simulating different scenarios like a full site recovery from backup, or more granular tests to check if individual files are recoverable. Testing your data restore procedures allows you to verify that your backup data is working as expected and is trustworthy. 

Role-based access controls

Restoration permissions should be limited to specific team members, and audit trails need to be in place for all backup and restore activities. The aim is to limit the potential danger posed by insider threats and unauthorized access to your backup system.

Monitor success rates 

Failed backups need to be investigated immediately so that the cause can be addressed and resolved as soon as possible. 

Barracuda Cloud-to-Cloud Backup overcomes Microsoft’s limited data retention by providing comprehensive protection across your entire Microsoft 365 environment. It protects Exchange Online, SharePoint, OneDrive, Teams, Planner (Basic), OneNote, Microsoft 365 Groups and Entra ID — leaving no critical data behind. 

*OneNote data can be backed up and exported, but restoration to Microsoft 365 is no longer supported as of March 2025 due to changes in Microsoft’s API.

Retention and storage

Barracuda allows you to store your backups for longer periods, perfect for industries that are required to retain data for several years. With Barracuda Cloud-to-Cloud Backup, you can back up and protect an unlimited amount of data with Barracuda Cloud Storage. 

Granular recovery options

Recovery flexibility matters when responding to incidents. Barracuda enables restoration at multiple levels: individual emails, files, folders, entire mailboxes or complete SharePoint sites. Search across all your backed up data for specific items, filter by date, sender, subject or content so that you can restore only what you need.

Automated daily backups

The platform runs automatic backups, capturing changes and ensuring that your data stays current. Frequent snapshots minimize potential data loss in disaster scenarios so that you are able to restore items without losing extended periods of work. Users also have the option of initiating ‘on-demand’ backups at any time.

Ransomware detection and protection 

Advanced threat detection monitors your backup data for ransomware signatures and suspicious patterns on restore. It also features delayed cloud purging to create a buffer that doesn’t remove Microsoft 365 data immediately after it has been deleted, giving you more time to restore it.

Malware detection on restore

Barracuda Cloud-to-Cloud Backup includes advanced malware detection that scans data before it is restored to your production systems. This is important because malware that was backed up before it was identified as a threat could potentially be restored weeks or months later. The system uses Barracuda Advanced Threat Protection (ATP) to scan for malware signatures and ensures that data restoration doesn’t trigger malware infections.

Air-gapped protection

Your backup data is stored in an air-gapped location, completely isolated and decoupled from Microsoft 365 infrastructure. If attackers gain entry into your Microsoft 365 environment, they can’t access, encrypt or delete your backup data. 

User interface and dashboard

The newly redesigned dashboard provides you with visibility across all your Microsoft 365 services. Monitor your backup status, storage consumption and recovery activities all from a single interface instead of switching between tools and reports across different systems.

The backup process starts with a secure connection between Barracuda’s platform and your Microsoft 365 tenant. Authentication follows Microsoft’s security best practices and uses secure protocols. Once connected, Barracuda performs an initial backup of all selected data.

All subsequent backups for Microsoft 365 are incremental for Exchange, SharePoint, OneDrive and Teams, capturing only the changes since the last backup. This minimizes bandwidth consumption and reduces backup times. The system tracks changes at an individual level instead of backing up entire containers repeatedly. 

Data transfers between Microsoft 365 and Barracuda occur via encrypted connections using TLS. Data stays encrypted at rest using AES-256 encryption. Barracuda hosts more than a dozen regional Azure storage locations worldwide, which ensures backup availability even during outages. For added security, Barracuda maintains three external copies of your backup files for redundancy and security.

When you need to restore data, Barracuda provides you with multiple options. Quick restore operations pull data directly from backup storage right into Microsoft 365, recreating folder structures and permissions automatically. For scenarios where you need to review data before restoring it, you can export data or download specific files for inspection.

The platform maintains detailed logs of all backup and restore activities and tracks backup access, data restoration activity and when these operations occurred. The audit trail supports compliance requirements and is also helpful during security incidents.

Calculate your backup needs and understand what your storage requirements are and the potential costs to your organization. Start a free trial and experience Barracuda Cloud-to-Cloud Backup protection for your Microsoft 365 data.