Image Source: Unsplash.com
Microsoft 365 is a suite of productivity and collaboration applications, including Microsoft 365 apps, Exchange, SharePoint Online sites, OneDrive, InTune, Teams and more. Hundreds of businesses worldwide use the subscription-based model Microsoft offers and provide their onsite and remote employees with Business, Premium or Enterprise plans and functionalities.
Given the hundreds of thousands of gigabytes of information passing through Microsoft’s apps and tools, one might start wondering about data safety and protection of sensitive information. People worldwide exchange online data daily, such as client information, banking details, invoices, projects, previous communications, app codes, designs, etc. How does one protect all of it?
Microsoft offers native backup solutions that are not always enough, and businesses should consider each of Microsoft’s applications separately.
You might have already heard that Microsoft Teams is the most challenging Microsoft 365 app to backup and restore data. But what are the particular reasons and challenges that businesses and IT professionals encounter when dealing with Teams?
There Are No Backups in Microsoft 365
Microsoft 365 is a fantastic set of applications and tools that help businesses worldwide to develop and prosper whether employees work onsite or remotely. As a large technology corporation, Microsoft offers an essential opportunity for their users – the ability to continue working.
Basically, Microsoft is responsible for keeping their data centres and servers up and running no matter the circumstances. Their protocols include physical security, data storage replication and redundancy and guarantee of uptime and privacy controls.
The Shared Responsibility Model
Microsoft uses the ‘Shared Responsibility model’ to protect its client’s data. The protocols mentioned above are the corporation’s responsibility but backing up your business data and recovering it in case of need is your company’s duty. That means you need to implement proper data backup and disaster recovery plans to ensure business continuity.
Example
For the sake of clarity, let’s throw in an example. A natural disaster such as a flood affects one of Microsoft’s data centres. It’s their responsibility to ensure that this flood will not play a role in your use of their apps and tools, you will still have access to Microsoft 365, and your work can continue.
On the other hand, if your new intern accidentally deletes an important file and you haven’t backed it up before, you need to know how to retrieve it because Microsoft holds no responsibility.
Native Data Protection Solutions
Microsoft does offer some native data protection solutions that mainly apply to SharePoint Online and Exchange Online.
By subscribing to a Microsoft 365 plan, you can retrieve deleted data from SharePoint recycle bin within 90 days, recover entire mailboxes within 30 days and restore individual mailbox items within 14 or 30 days. To increase the period from 14 to 30 days, you can use PowerShell for Exchange Online.
Retention Policies, Recoverable Items Folder, In-Place and Litigation Hold
Retention Policies, Recoverable Items Folder, In-Place and Litigation Hold, are native solutions Microsoft offers for their users. Retention policy settings allow you to choose what to do with a specific data set.
For example, you can delete it, retain it, or delete it after a particular period of time. However, this is not the same as a backup. This function allows you to preserve the data for a more extended time before deleting it entirely, but you will not have a saved copy of it forever.
Concerning Microsoft Teams backup, compliance retention policies cover only Microsoft Teams channel messages and Microsoft Teams chats.
The recoverable items folder is created for cases of accidental deletion. It retains deleted items for 30 days, within which you can restore them. You can additionally use In-Place Hold to preserve items with specific parameters or the Litigation Hold to preserve all items from deletion until they fill 100 GB storage.
Third-Party Vendors
So Microsoft does offer native solutions with some limitations. Different businesses require different approaches. That is why many third-party backup vendors and services offer backup tools to secure Microsoft 365 data and help disaster recovery.
However, while it is relatively easy to restore document libraries and user and groups mailboxes because of on-premises technology, dealing with cloud apps such as Microsoft Teams becomes more difficult.
Image Source: Unsplash.com
Microsoft Teams is a Cloud App
Microsoft Teams is the collaboration hub of all Microsoft tools and is similar to other cloud-based software such as Slack and Google Workspace. Because of its cloud-based collaboration technology, the app allows onsite and remote employees to work together in real-time via channels, conversations, Teams messages, video calls, online meetings, file sharing and editing, and more.
As we mentioned above, Microsoft Teams is different from other Microsoft apps because it is a cloud app. Its functionality is based on a complex data architecture combining multiple services provided by other Microsoft 365 and Azure tools and is perfectly integrated with other apps like PowerPoint, Word, Exchange and SharePoint.
That automatically means that the data generated via Microsoft Teams is also stored in different locations across the cloud.
Suppose you want to secure your Microsoft Teams business data. In that case, you need to consider the various data types, where each data type is stored, Microsoft’s native data protection options and what do different third-party backup vendors offer.
What Do Third-Party Backup Vendors Claim and What Is the Reality
To make an educated decision for your Microsoft Teams data protection strategy, you need to fully understand what backup vendors claim to offer and what they actually offer. For this to happen, we first need to discuss compliance records.
Microsoft Teams Compliance Records
You can see Microsoft Teams Compliance Records in the security and compliance centre. The idea behind to records is to make a simplified copy of channel messages in Exchange group mailboxes and personal chats in Exchange user mailboxes.
These copies do not contain the complete information the message or chat might store, but since they are saved in Exchange Online mailbox, they are suitable for eDiscovery via content searches. Specific information types included and excluded from the copies are shown in the table below.
Included Information | Excluded Information |
Emojis, GIFs, stickers, inline images, tables | Message reactions |
Deep links to other Teams | Voice recordings/ Audio messages |
Links to SharePoint Online document library and files | Whiteboards |
Subjects and team names for channel messages/ People names in personal chats | Meeting recordings |
Third-Party Backup Vendors
As you can see, compliance records are not original data. Some of the vendors copy these records to a safe location (Exchange Online), which might seem like a backup, but it actually isn’t.
The reason is that this is not your Microsoft Teams data, but a simplified version of it, and also because no API restores Teams compliance records into the Teams app (channel messages or personal chats).
Using Beta Teams Migration API
The more complicated, time-consuming and more accurate way third-party vendors use to secure Teams data is through beta migration API.
The simplified version of the steps within such an approach is the following:
- Analyse and prepare message data
- Set up your Office 365 tenant
- Create a team
- Create a channel
- Import messages
- Complete migration mode
- Add team members.
While it sounds promising, this method also implies restrictions on what data you can import and what data you cannot (see table below).
Data you can import | Data you cannot import |
Team and channel messages | Personal and group chats messages |
Message creation date and time | Mentions, reactions, emojis, stickers, quotes |
Inline images | Private channels |
Links to SharePoint and OneDrive files | Videos, code snippets |
Rich text messages | Announcements |
Reply threads/Message chains | Crossposts between channels |
Failure to Deal with Full Scope of Microsoft Teams Data
As seen from the tables in the previous section, the two most commonly used approaches for backing up Microsoft Teams data by third parties are not providing a complete backup solution.
Suppose the independent software vendor (ISV) uses the compliance records as their’ backup solution’. In that case, this means you will not be able to recover Teams data such as whiteboards, meeting recordings, message reactions and audio messages. Moreover, you will not be able to retrieve the copied information back to the Microsoft Teams app.
On the other hand, if the vendor uses beta teams migration API, they will most likely fail to restore data from personal and group chat messages, private channels, videos and cross-posts, mentions, emojis, stickers, reactions, etc.
A complete comprehensive Teams backup solution needs to consider the architectural data complexity and the interconnected Microsoft apps. And that’s not even the most challenging part.
Restore Might Be Even a Bigger Issue
You probably already understand that backup Teams data is a difficult task. But even if you have a complete backup that involves full copies of all data types, you still have to be able to restore them in case the originals are lost or deleted. And Teams backup recovery is not easy too.
Retrieving data such as teams channels, private channels, and other related data is a difficult task for a few reasons. First of all, messages and communications are constant and ongoing. Second, it is exceptionally challenging to associate the right inline images, gifs, mentions, reactions, links, and others with the message timeline.
One of the best ways to restore Microsoft Teams data until today is to immediately report the loss or the deletion of a channel.