Does Microsoft 365 back up my data?

This is the single most common misconception about Microsoft 365 and it has expensive consequences. Microsoft is responsible for the availability of the service (keeping it running). You are responsible for the protection of your data (keeping it recoverable). The Microsoft Services Agreement is explicit: they recommend you back up your own data.

What Microsoft 365 actually provides

• Deleted item retention: Items in Recoverable Items (Deleted Items folder) for 14-30 days, then permanently deleted
• Version history: OneDrive/SharePoint files have version history (configurable, default 500 versions)
• Litigation hold: If enabled, prevents deletion of mailbox content (but this is for legal, not backup)
• Retention policies: Configurable retention for compliance (but again, not backup)
• Service-level redundancy: Microsoft replicates data across multiple datacenters — you don't lose data to a Microsoft hardware failure

What Microsoft 365 does NOT provide

• Long-term retention beyond the recovery windows above (usually 30-93 days max for unconfigured tenants)
• Granular point-in-time recovery for accidentally modified content beyond version history
• Protection against malicious deletion by authorized users — if an admin or attacker with admin credentials deletes content and waits past the retention window, it's gone
• Ransomware recovery beyond the recovery window — if ransomware encrypts files synced to OneDrive and you don't catch it within version history, you lose data
• Cross-tenant or export capabilities for backup-style portability

Real risks Microsoft 365 backup addresses

1. Departing employees — data deletion when offboarding, accidental or malicious
2. Ransomware — encryption of OneDrive/SharePoint files
3. Admin error — bulk deletion of mailboxes, sites, or files
4. Compliance retention — multi-year retention requirements beyond M365 defaults
5. Legal discovery — ability to produce data from any point in time

What to use

Common third-party M365 backup platforms: Dropsuite, Datto SaaS Protection, Veeam Backup for Microsoft 365, Acronis Cyber Protect, Barracuda Cloud-to-Cloud Backup. Typical pricing: $3-$8 per user per month.