The biggest misunderstanding in Office 365

From Enimbos we are aware that not everyone knows the importance of Backup of your content either at work or in the private sphere. It is vital to know about the coverage you can expect if you hire managed services in the cloud. In this case we will talk about Microsoft Office 365.

Office 365 backup and retention policies can only protect you from limited data loss and are not intended to be a complete backup solution. Retention policies are always evolving and tend to be very complicated to manage and supervise. Commonly, administrators believe they are covered, but in fact, certain elements are no longer there.

Now, we will see how much time Office saves the data and files of their accounts in tray, before eliminating them.


Place Retention period Action
Inbox or archived folders 2 years moved to file
Recycle bin 1 month permanent deleted
Self-archived data 1 month moved to file
Files deleted from SharePoint 1 month deleted after 2 months
Corporate files deleted from OneDrive 1 month deleted after 2 months
Employee leaves the company 1 month permanent deleted


The average time from the moment the data is compromised until its discovery is more than 140 days, however, the default configuration only protects your data for 30-90 days.

This is the biggest misunderstanding in the Office 365 market. In general, users of 365 believe that Microsoft takes care of everything, when the reality is that Microsoft is only responsible for the infrastructure, while the data management is under the responsibility of the client. Now, we will list the responsibilities to which Microsoft is committed and those that are left to the user:


Microsoft responsabilities:

Main responsabilities:

  • Optimization of the global infrastructure of its services.

 Support technology:

  • Office 365 data replication (DC to DC geo-redundancy)
  • Recycle bin: Recovery of short-term data loss, limited (no point-in-time recovery)


  • At the infrastructure level:
  • Physical security, logical security, App-level security, user/administrator management. 


  • Data processing manager role: Privacy, Regulatory controls, Industry certifications


User responsabilities:

Main responsabilities:

  • Comprehensive management of your data in Office 365: Access and control of all data spearheaded in the Office system. 

Support Technology:

  • Office 365 Backup: The user is responsible for making their own backups outside of the Office systems.
  • Total data retention: ST and LT retention covering all the gaps in office policies as well as the different granular and point-in-time recovery options. 


  • At the data level:
  1. Internal: accidental deletion, malicious inside information, revenge of employees, evidence manipulation.
  2. External: Ransomware, malicious programs, hackers and malicious applications.


  • Role as owner of the data: Response to industry regulations and demands of internal legal and compliance officers

Unfortunately, scarce people dedicate their time to inform about the distribution of responsibilities between the service and the user. But as they have told their users: “With Office 365, it’s your data, you control them, and it’s your responsibility to protect them.

Related Posts