A disaster recovery plan is critical if you use Microsoft 365 for email, documents, and collaboration because an outage or cyberattack could bring your Microsoft 365-dependent workflows to a standstill.
Don’t get caught off guard. By implementing modern best practices, you can be confident your Microsoft 365 environment can be quickly and easily restored.
- Keep regular backups
We recommend maintaining at least two recent backups of your Microsoft 365 data using built-in backup features like Exchange Online archiving, SharePoint Online recycling bin and the OneDrive file restore feature.
It’s also prudent to use a third-party backup solution like Veeam to capture point-in-time snapshots and long-term archives. Larger enterprises should test restores regularly to verify backup integrity and ensure all is well.
- Store data in geo-redundant datacentres
Take advantage of Microsoft’s geo-redundant datacentres, so if one region fails, your data remains intact and accessible in another.
Exchange Online and SharePoint Online incorporate geo-redundancy by default, so you should use these. For OneDrive, you can enable geo-redundancy in the Admin Centre — this article covers everything you need to know.
- Follow the 3-2-1 rule
This tried-and-true backup strategy means maintaining three copies of your data, on two different media types, with one copy offsite.
For example, have one copy on Microsoft 365 servers, a second on an on-premises backup, and a third copy on offline storage or in the cloud. This prevents data loss from equipment failure, ransomware, natural disasters, and sabotage.
- Document recovery procedures
Document step-by-step instructions for recovering Microsoft 365 data and testing procedures. Include details like service accounts required and which team members need to be notified or involved during recovery—store procedures on an intranet site or cloud-based wiki accessible to IT staff with short notice.
Don’t rely solely on the data recovery features within Office 365 either because there are better solutions, such as Veeam Backup.
- Regularly Test Restores
Practice recovering content to ensure your backups are working and the recovery plan is effective – this could save you if you have an outage!
Perform test restores from various backup locations to validate you can successfully retrieve data. Tests should cover different data types like email, files, and application data.
- Implement Access Controls
Limit Microsoft 365 access to only authorised personnel. Require multi-factor authentication (MFA) for administrators and privileged users.
We recommend blocking legacy authentication protocols more vulnerable to attack, enabling mailbox auditing and alerts for suspicious activity, and restricting user permissions to only what is required with a zero-trust policy.
- Keep Software Updated
Maintain Microsoft 365 apps and services on the latest supported versions. Update operating systems, browsers, plugins, and other software across your environment when an update becomes available to receive the latest patches.
Enable auto-updates where possible or set up update alerts. Monitor for security notifications and promptly patch vulnerabilities. Keeping software updated reduces your exposure to bugs, breaches, and outages.
To learn more about your Microsoft 365 recovery options please contact us.
