Skip to content
Contact us
  • There are no suggestions because the search field is empty.

Microsoft's Shared Responsibility Model

What is the Shared Responsibility Model?

When using Microsoft 365 (formerly Office 365), it's important to understand that while Microsoft provides the platform, you’re still responsible for protecting your own data.

Here’s the key point:

Microsoft does not back up your email, OneDrive, or other data in the way most people expect. They protect their infrastructure (servers, uptime, and basic data durability), but you are responsible for backing up your own content.

What Microsoft covers:

  • Uptime of their services (like Exchange, OneDrive, SharePoint, etc.)

  • Built-in features like recycle bins and short-term data retention

  • Physical security of their data centers

What you are responsible for:

  • Recovering accidentally deleted emails or files after retention periods expire

  • Protecting data from internal threats (like accidental deletions or disgruntled employees)

  • Guarding against ransomware or data loss from phishing and malware

  • Meeting your industry’s data retention and compliance requirements

Why you need a third-party backup solution:

Without a separate backup, once data is gone—it’s gone. Whether it’s due to user error, malicious activity, or something else, Microsoft doesn't keep full backups of your files or emails. A third-party backup ensures you can restore your data quickly and completely, no matter what happens.

Bottom line:

Using Microsoft 365 without a proper backup is like renting a storage unit but not locking the door. If you rely on Microsoft alone, you're taking a big risk with your business-critical data.