Skip to main content
NDLS logo
microsoft-365 backup-recovery how-to

The Microsoft 365 Backup Myth That Costs Businesses Their Data

Microsoft does not back up your Microsoft 365 data the way most people assume. Here's what's actually included, and what you need to add.

· NDLS Team

There’s a belief we hear often, usually from new clients: “Microsoft 365 is in the cloud, so my data is automatically backed up.” It’s a reasonable assumption — and it’s not quite right. Microsoft’s own Services Agreement and Shared Responsibility model make this clear, but the language is buried.

What Microsoft 365 actually protects

Microsoft is responsible for the infrastructure — keeping the servers running, replicating data across data centres, and protecting against hardware failure. They’re very good at this. If a Microsoft data centre catches fire, your email is fine.

What Microsoft is NOT responsible for is what happens to your data:

  • An employee accidentally (or intentionally) deletes a critical SharePoint folder
  • A ransomware attack encrypts files in OneDrive
  • A retention policy expires and removes mailbox content
  • An admin makes a mistake during a tenant change

In all of these cases, the data is gone, and Microsoft will not restore it for you beyond their limited retention windows (typically 30 days for most items, sometimes less).

What’s actually retained, and for how long

Some quick numbers to anchor things:

  • Deleted emails: 14 days in Deleted Items, then 14 more in Recoverable Items by default
  • Deleted SharePoint files: 93 days in the recycle bin, then gone
  • Deleted OneDrive files: 93 days for the user, additional 93 days for admins
  • Teams chat history: dependent on retention policy; default is “forever” but easily overridden

After those windows, Microsoft cannot help you. Period.

What a real backup looks like

A proper Microsoft 365 backup is a third-party service that takes daily (or more frequent) snapshots of mailboxes, OneDrive, SharePoint, and Teams data and stores them outside Microsoft’s environment. The retention is configurable — typically 1, 3, 7, or 10 years — and crucially, it’s recoverable even if the source data is deleted, ransomware-encrypted, or corrupted.

The cost is usually $3–5 per user per month. For most small businesses this is the cheapest insurance they’ll ever buy.

What we recommend

If you don’t already have a Microsoft 365 backup, this is one of the highest-priority items to address. Talk to your IT provider, or reach out to us — we can help you assess what you have today and what gaps exist.

Tagged: microsoft-365 backup-recovery how-to

More from NDLS

Changing or resetting your PIN in Windows 11

Adding a shared mailbox to Outlook

Showing the From field in Outlook

Back to Blog