How to protect your business’s Microsoft 365 data?

Acronis Cyber Protect
formerly Acronis Cyber Backup

As small to midmarket businesses increasingly rely on Microsoft 365 to digitize their operations, the responsibility of protecting that data falls on their IT operations (ITOps) professionals. These employees must take action to protect their business against cyberthreats or any incidents leading to data loss.

One best practice in this regard is the use of dedicated M365 third-party backup tools. Microsoft is known for its shared responsibility model for data security, and the company even advises businesses to use additional solutions for data security.

This article explains the risks of leaving your clients’ M365 data unprotected and how Acronis can help you fulfill your security responsibilities toward your organization.

Extra protection — Why?

Microsoft’s advice on implementing other tools to ensure your data is secure is well taken. Below we discuss four reasons why you need extra protection.

Time-bound retention

Microsoft 365 documents are retained for up to 90 days. Upon expiration of this window, the data disappears. Data retained within that time frame is also a replication. If the original or local copy gets infected or deleted, the changes apply to the copy in the retention archive as well. Although some data are saved indefinitely in eDiscovery and Litigation Hold, these are not really considered viable replacements because they are retrieved for litigation purposes only.

Attack prone

Unfortunately, Microsoft 365 is not entirely immune to hacking and cyberattacks. There are many ways in which an M365 environment can be compromised — a malicious insider could delete important data, or an external attacker could exploit access to the business’s M365 environment. It can be disastrous for a company if a malicious actor gains access to its M365 account.

Potentials for data loss

In May 2019, Microsoft cloud services experienced a one-hour connectivity issue due to a failed DNS change. When there is a Microsoft service outage, as a result of either a hardware or software failure, data may be lost; in such cases, recovery will be impossible without an extra layer of backup.

Although this security concern has been addressed by Microsoft's recent investments in cybersecurity, the backup features for the traditional on-premises Microsoft Office are another concern, as they are not compatible with those of the Microsoft 365 cloud. This can lead to data loss during a migration, something for which Microsoft has no solution.

Risk of regulatory breach

As Microsoft 365 Office does not have limitless retention, implementing extra protection for your M365 data can help you avoid regulatory fines and litigation fees. Compliance frameworks such as HIPAA and GDPR require user data to be stored and retained beyond M365’s window or even infinitely.

Solution: Acronis Cyber Protect for businesses

M365’s data protection gaps expose your business to downtime caused by cyberattacks — potentially $137–$427 in losses per minute of downtime. To avoid this, you need a dedicated third-party solution that gives both your organization and your clients peace of mind when it comes to data retention and protection.

Acronis Cyber Protect for businesses is a third-party tool that secures your Microsoft 365 mailbox and OneDrive content in the Acronis Cloud. It safeguards your email attachments, as well as OneDrive files, folders, and subfolders, eliminating the need to deal with separate backups for any of these.

Acronis Cyber Protect secures data on-premises and in the cloud. It integrates with all M365 tools, allowing you to back up your entire M365 environment so that no data is lost during migration.

The tool offers four distinct features, discussed below, that make it a potent solution to protect your business’s M365 data.

1. Long-term data retention

Acronis is a dedicated M365 backup solution that offers long-term, limitless data retention. To further heighten security, your Microsoft 365 data is saved in the Acronis Cloud outside your premises, backed up directly from the Microsoft data center. This both streamlines and simplifies the configuration and maintenance process. Acronis Cyber Protect also offers point-in-time and granular data recovery — regardless of the data’s age. This helps prevent data loss and speed up data recovery in the event of a breach.

2. Complete data backup and encryption

Acronis saves data in different locations, which assists in the recovery of data when needed. It also restricts third-party access via multi-level backup encryption; this is reinforced by data transfers over the network using TLS encryption, data-center storage with high-grade disk-level encryption, and per-archive encryption with AES-256.

3. Full regulatory compliance

With Acronis Cyber Protect, you can customize the retention window. This enables mid-market organizations in heavily regulated industries to comply with security standards such as GDPR and U.K. GDPR. The solution also includes comprehensive security features that complement efforts toward GDPR compliance, including anti-malware protection, vulnerability assessment, and patch management. This helps your organization avoid hefty fines and legal issues.

4. Anti-malware and authentication

Anti-malware protection is another reason to use Acronis. It supports multifactor authentication (MFA), only granting access after a second form of authentication, thus helping you avoid being exposed to cyberattacks like phishing and social engineering.

Best practices

In addition to leveraging an effective solution such as Acronis, organizations should adopt a few best practices that are critical to achieving comprehensive M365 data protection.

Implement regular backups

Regular backups ensure that data is backed up at every point in time. However, you still need to check that the right data is being backed up, the backup schedule aligns with the needs of your organization, and backups are encrypted and stored securely.

Test and monitor backups

To make sure data is recoverable when required, you need to test your backups. You also should regularly monitor their status to ensure they are being completed successfully. The monitoring protocol should be integrated with an alerting system that can notify you of any suspicious behavior or unusual activity.

Combine on-premises with in-cloud protection

Protecting on-premises, in-transit, and in-cloud data can help protect data even when it is accessed outside the internal network. You need a secure backup and disaster recovery plan in place that considers both architectures to ensure that data is protected and easily recoverable.

This combination can provide you with better data management capabilities, such as classifying, labeling, and protecting information. It is also cost-effective, as it allows you to choose the necessary level of data protection without overspending on unnecessary tools.

Enforce personnel training

Human error is one of the leading causes of data breaches. Hence, security-related staff training is crucial. Your colleagues within the organization must understand the importance of data security, especially with regard to the implications of credential sharing, using correct data classification, and data-access levels.


As an IT operations professional, protecting your business’s cyber networks is your primary duty. Cyber protection combines cyber security with data backup. Although Microsoft partially helps you fulfill this key responsibility to small and mid-market businesses via its built-in data backup options, its shortcomings dwarf its benefits.

For comprehensive backup of your organization's M365 data, you need a specialized backup solution. Acronis Cyber Protect offers a win-win situation: it protects your business's Microsoft 365 data while also enabling quick data recovery in the event of accidental or intentional data loss; this, in turn, increases your organization’s confidence in its security solutions and services.

Request a demo or try Acronis Cyber Protect today.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.

More from Acronis