Latest update


Microsoft Office 365 Retention policy vs Backup

Many organizations today have migrated their business-critical data to the Microsoft Office 365 (Microsoft 365) cloud. This past year or so has prompted a tremendous shift in the way businesses allow employees who may now be working remotely to access data. Collaboration tools now are required to allow employees to seamlessly connect and collaborate, regardless of the location of the employee. Housing all the data and collaboration tools in the cloud means that organizations must think about how they are protecting their data. While not advertised as “backup” tools as such, Microsoft has built-in tools that provide data protection features to businesses. One of these is the native Microsoft 365 retention policies. Retention policies can provide a rather effective way of protecting your data. Let’s take a look at Microsoft Office 365 retention policy vs backup and see the pros and cons of using the built-in retention policies as a data protection tool.

Microsoft 365 empowers businesses with cloud collaboration and productivity tools
Microsoft 365 empowers businesses with cloud collaboration and productivity tools

Microsoft Compliance Retention Policies

While Microsoft Office 365 retention policies are not advertised as a backup service, when you combine the Microsoft 365 compliance retention policies with the standard retention policies, this approach actually provides a rather powerful tool that can provide many great features when considered in light of a backup solution. What are these?

As shown by the blog post here, customers can take advantage of the following with retention policies:

  • Continuous data backup
  • 99.99% uptime
  • Unlimited data retention

When compared with the standard retention policies alone, using compliance retention policies on top of standard retention policies, provides powerful protection for your data. What holds organizations back from using compliance retention policies on top of the standard Microsoft retention policies in place in Office 365 (Microsoft 365) environments?

How Compliance Retention Policies Protect Data

What data is captured using the Compliance Retention Policies in Microsoft 365? When you enable compliance retention policies in your Microsoft 365 organization, it ensures your data and all existing items from the moment the compliance retention policy is created along with new data created are kept in a protected space in your Microsoft 365 environment by means of the compliance center.

A user who may delete data will see the data disappear from their Microsoft 365 applications. However, the compliance retention policy is still maintaining a copy of the deleted data in the compliance storage. This data is searchable and accessible to administrators. They use the Compliance eDiscovery to view the data as well as the Preservation library.

What data is kept using Microsoft 365 retention policies?

Let’s take a look at the main services used in Microsoft 365 and see what data is kept using the Microsoft retention policies.

SharePoint and OneDrive

  • Where enabled, versions are retained for libraries
  • Folder structures can be recovered from eDiscovery
  • Site themes and related settings not retained
  • SharePoint membership permissions are not preserved
  • Sharing and access permissions aren’t preserved
image 1


  • MS Groups data retention can be enabled, but it only retains SharePoint data linked to the groups. User memberships, user permissions, or other metadata is backed up by retention policies.

Exchange Online

  • Messages (drafts, in-place archive) are retained
  • Folder structures are maintained in for the entire mailbox
  • Teams sent messages are retained
  • Themes and related settings are not retained
  • Calendar items and tasks that do not have an end data configured are not retained
Microsoft Exchange Online


  • Chats and channel messages, both public and private, are retained
  • Message attachments are not retained by default (you need to separately enable retention for SharePoint & user OneDrives)

What are the cons of using Compliance Retention Policies?

What keeps organizations from using the Compliance Retention Policies to protect their data? There are a few downsides of the Compliance Retention Policies to consider when it comes to making these feasible for organizations to use as a type of backup for their business-critical data. What are the disadvantages of using Compliance Retention Policies?

  • Compliance retention policies M365 licensing
  • Additional storage costs
  • Cumbersome restores

Compliance retention policies M365 licensing

Microsoft compliance retention policies are not available to the majority of Microsoft 365 customers simply because of the licensing tier that must be purchased to take advantage of compliance retention policies.

The compliance retention policies are included with top-level E3 and E5 Microsoft 365 plans. Additionally, many organizations mix and match Microsoft 365 licenses so that only those that need the features of E3 and E5 have this license status. This means that compliance retention policies would not be available to protect the data of all users.

Additional storage costs

The additional storage costs that are entailed with the compliance retention policies can be significant as customers are dinged for the storage used by the compliance retention policies. The additional storage costs can mount up in Microsoft 365, especially when companies on average may need to keep backups/data retention for 3 years or more.

Cumbersome restores

One of the main disadvantages of using the compliance tools as a data protection tool for Microsoft 365 is the process of restoring your data to Microsoft 365 from the compliance center. You first have to download your data and then re-upload your data to the respective service where the data needs to be recovered. Can you imagine having to first download gigabytes-worth of data and then re-upload that data to your Microsoft 365 account? This would be extremely cumbersome, time-consuming, and would certainly go against most organizations’ restore time objectives (RTO).

Third-party backup solutions

When it comes to protecting your data in Microsoft 365, third-party backup solutions have a lot to offer when compared to the native data protection tools found in Microsoft 365. Using a third-party backup solution provides the following:

  • Cheaper storage costs per user
  • No need to pay for expensive M365 user licenses
  • Keeping your backup data separate or not reliant on Microsoft 365 services
  • Most offer unlimited retention
  • Vastly superior restore operations
image 2
Third-party backup solutions provide a great way to ensure clients can access data in the event of an outage

Cheaper storage costs per user

When compared to paying for larger storage per user to handle the compliance retention policy overhead, third-party backup solution licensing is cheaper.

No need to pay for expensive M365 user licenses

If you have a third-party backup solution, it prevents paying for E3 or E5 licensing simply for the ability to use compliance retention policies for data protection.

Keeping your backup data separate or not reliant on Microsoft 365 services

Backups should never rely on production systems. Using a third-party solution that stores the data outside the environment is a great way to ensure that you will have access to your data in the case of a Microsoft cloud services outage.

Most offer unlimited retention

An unlimited retention policy is generally an option for third-party backup solutions. There may be additional costs for unlimited retention as well. However, these will probably be cheaper than Microsoft 365 unlimited storage.

Vastly superior restore operations

If there is one advantage that is worth its weight in gold, it is the vastly superior restore operations of third-party backup solutions. These allow businesses to restore backups directly to Microsoft 365 environments. This forgoes the double-hop nature of downloading the data and then having to re-upload the data you need.

Wrapping up

Many may consider Microsoft Office 365 Retention policy vs Backup for comparison sake. Microsoft compliance retention policies offer a great way to ensure data is protected. However, it does not come without downsides. There is much for businesses to consider when deciding the best way to back up their Microsoft 365 cloud data. A great example of a cloud backup provider for Microsoft 365 is Afi. Afi provides the ability to easily protect your Microsoft 365 environment, including Microsoft Teams.

Check out more about Afi and sign up for a free trial here.

Post a Comment