A question that came up on our on demand webinar “Next Question: How to protect Office 365” was “Can’t I just use the Deleted Items Folder?” The deleted items folder does help prevent some data loss. Microsoft Office 365 allows files in the deleted items folder to stay in that folder, as long as IT changes the default configuration, for 24,855 days. One would think that 68 years is enough time to find the deleted items and recover them, but because of the way deleted items are architected and the ease with which users can interact with it, it is not enough.
When a user or process deletes a file, email or any other object within Office 365, the service moves it to the deleted items folder, which IT can set to unlimited retention time. In theory, all a user has, or administrator has to do to recover data is drag it out of the deleted items folder, but that ease of access is just the start of the problems surrounding deleted items.
If a user or a process removes an item from the deleted items folder the service then moves it from the deleted items folder to a 14-day holding area called recoverable items folder and after that 14 days it moves to another folder, the purge folder. After 14 days in the purge folder, the service permanently removes the data from all of its storage.
The first problem with counting on the deleted items folder as a form of backup is users have 100% access to that data. This free access means users can purge data themselves or a malware program could empty all of the various folders after deleting data from the user’s one drive account. There are also keystroke combinations.
The second problem with counting on deleted items folders is the lack of versioning. Previous versions of a file do not end up in deleted items when the original file is modified. The only way a file gets to deleted items is a user or process deletes it. The previous versions of a modified file do not get moved to the deleted items folder as the file is modified. The service retains versions separately under a different policy. The versions of files in between the created version and the final version are all eventually lost unless protected via other means.
Finally, it is reasonable to assume that eventually the deleted items folder, the recovered items folder, and the purge folders may all be targets of ransomware. Ransomware malware currently goes after backup solutions, and there is no doubt these bad actors are aware of attempts to use versioning and deleted items as a backup method. It is reasonable to assume that strains will also that disable versioning or remove versions the moment the ransomware infecting files sends the previous versions to the versioning process.
IT Needs a Process
Office 365 data, just like any other data needs a point-in-time backup process that regularly protects data and captures various versions of files. It is also vital that the data is copied out of the Office 365 environment so that a malware, virus or malicious user doesn’t have access to all data and all folders.
In our on demand webinar, we discuss what to look for in an Office 365 Backup Solutions and how to backup Office 365. Click here to watch now!