There is a lot of misconception about the capabilities of Microsoft 365 with regard to data protection. Many organizations avoid backing up Microsoft 365 data because they assume that Microsoft takes care of that for them. The reality is that, while Microsoft provides tremendous data protection capabilities, they require configuration and have some important limitations that need a third-party solution to address.
Microsoft 365 data protection capabilities can be divided into three general areas:
1) High availability and redundancy:
Microsoft 365 services are highly redundant. Exchange Online, for example, uses technology that has been proven out for many years in on-premise scenarios including database availability groups and transport shadow redundancy to ensure that all data is stored in both primary and secondary data centers. Similarly, Microsoft 365 file storage across SharePoint, Teams, and OneDrive are built on Azure georedundant storage. All data is stored in at least three locations in a primary data center and replicated in three locations in a secondary data center. While this protection ensures high availability, it does not protect against accidental deletion or allow for recovery from data corruption.