Backup for Microsoft 365

As soon as employees leave the company and their Microsoft 365 licenses are deactivated, the active backup ends automatically. However, data that has already been backed up is retained in the backup.

In detail, this means that no new backups are created once an account has been deactivated; however, existing data remains stored in accordance with your individual retention and archiving guidelines. Manual individual backups before deprovisioning are therefore largely superfluous, and the data is still available for audits, succession planning or compliance checks.

The backup data is stored in highly secure Google Cloud data centers, preferably in European regions. All data is encrypted during transmission and storage.

The specific storage location is firmly defined and documented as part of the setup process in order to meet your data residency and compliance requirements. Recognized security and compliance standards such as ISO 27001 and SOC 2 are used to secure the infrastructure; the exact design is verified on a project-specific basis and can be verified in an audit-proof manner if required.

The backup solution helps to detect suspicious activities at an early stage and to restore data to a consistent state prior to the incident in the event of an emergency. This ensures business continuity even in the event of security incidents. Specifically, AI-supported ransomware protection is used here, which detects anomalies and unusual patterns in data traffic at an early stage and stops the backup if there are signs of a compromise and informs the contact persons on file.

In the event of damage, you can access defined backup points and restore affected data in a targeted manner. The underlying architecture is optimized for enterprise environments in particular, so that restores can be carried out reliably even under provider-side throttling.

Storing backups outside the Microsoft infrastructure significantly increases resilience because the primary system and backups are located in different security domains. This means that backups remain protected even in the event of tenant-wide disruptions or compromised identities.

The organizational and technological separation from the Microsoft tenant makes it much less likely that misconfigurations or successful attacks on administrative accounts will affect primary data and backups at the same time. This multi-cloud approach enables independent, controlled recovery and helps to restore business continuity more quickly, even in critical crisis scenarios.

Backup is primarily used for operational recovery after data loss or security incidents, while archiving is aimed at the long-term, audit-proof storage of information. Both approaches can be combined in the solution.

A backup is geared towards short-term restore scenarios and the lowest possible RPO/RTO values in day-to-day business. Archiving, on the other hand, addresses legal and regulatory requirements, such as defined retention periods or obligations to provide evidence. By configuring the solution accordingly, you can map both operational resilience and long-term, legally compliant storage with export options.

The architecture is specially designed for restore scenarios in large Microsoft 365 tenants and takes into account typical Microsoft throttling mechanisms. However, specific recovery times always depend on your environment and should be tested regularly.

Factors such as the total volume of data, the structure of the tenant, parallel workloads and platform-specific limits influence the actual performance. The solution uses optimizations and parallelization to keep restores stable even with larger amounts of data, but cannot overcome the technical limitations of the Microsoft platform. We therefore recommend regular restore tests to realistically validate your target values for RTO and RPO and to sharpen them if necessary.

Yes, Copilot interactions can be fully included in the scope of the backup. This keeps the use of Microsoft 365 Copilot transparent and traceable if necessary.

Both the prompts used and the responses generated are saved so that AI-supported decision-making processes are documented. The data can be evaluated for internal audits, transparency reports or regulatory verification requirements, for example. The exact scope of services is determined depending on your agreed scope and the technical availability in the respective project.

Yes, in addition to complete structures, the solution also supports the targeted restoration of individual emails, files or other objects. Backups are searchable and can be restored to the original storage location or an alternative destination.

In the portal, you search the backup statuses for specific content - such as certain messages, documents or chats - and then select the desired elements for the restore. In contrast to many native on-board tools, where SharePoint backups are often only possible as a complete restore of entire structures, the solution allows a selective, controlled restore of individual elements without overwriting existing content in the target area.