This blog post is AI-Assisted Content: Written by humans with a helping hand.

Author’s note: This is an AI-generated summary of a webinar InterWorks hosted on May 29, 2025. The main presenter was Jon Nash, VDC Microsoft 365 Solution Engineer. If you want to watch the whole webinar we summarized for this piece, feel free to watch it here!

When it comes to protecting Microsoft 365 data, many organizations operate under a dangerous misconception. They assume that because Microsoft hosts their email, OneDrive files and SharePoint sites in the cloud, those assets are automatically protected. The reality is quite different, and it’s spelled out clearly in Microsoft’s shared responsibility model: Microsoft is responsible for the service, but you’re responsible for your data.

This distinction matters more than many IT teams realize. While Microsoft ensures the platform stays online and operational, the responsibility for backing up and protecting that data falls squarely on the customer. That means having a backup solution isn’t just good practice. It’s essential insurance against accidental deletions, malicious attacks and compliance violations.

The Evolution of Cloud Backup

Veeam has been in the Microsoft 365 backup space for nearly a decade, but the company’s vision extends far beyond just protecting email and files. The Veeam Data Cloud platform initially focused on Microsoft 365 and Azure virtual machines, but today it encompasses a much broader ecosystem. The platform now includes Veeam Vault for backup and replication storage, Entra ID and Salesforce backups, and soon will add Kubernetes backup capabilities through Kasten.

This expansion reflects a fundamental shift in how organizations work. The platform aims to become a comprehensive cloud data protection solution, not just another point product. It’s an ambitious goal backed by significant investment, but one that addresses the increasingly complex reality of modern IT environments.

Why Native Tools Aren’t Enough

The existence of recycle bins, retention policies and Microsoft Purview leads some organizations to question whether they really need third-party backup solutions. But these native tools weren’t designed for comprehensive data protection. Recycle bins have limited retention periods. An employee cleaning up storage space might accidentally delete compliance-critical data and empty the recycle bin, leaving no recovery option. Someone reducing storage costs could eliminate information that becomes necessary months later for legal or regulatory purposes.

The financial stakes are substantial. Over the past decade, business email compromise attacks alone have cost organizations $55 billion. Insider incidents, whether malicious or accidental, average between $15 million and $16 million per event. These aren’t abstract statistics. They represent real organizations facing real consequences from data loss they couldn’t recover.

A Modern Approach to Protection

Veeam Data Cloud for Microsoft 365 takes a distinctly modern approach to backup, one built with security as a foundational principle rather than an afterthought. The platform has achieved SOC 2 Type 2 certification and maintains multiple ISO certificates, with FedRAMP certification in progress. These aren’t just compliance checkboxes. They represent rigorous third-party validation of security practices that organizations can review at Veeam’s trust center.

The platform currently protects over 23.5 million users across both the cloud platform and traditional on-premises offerings. But perhaps more importantly, it’s designed to eliminate infrastructure headaches. Organizations don’t need to deploy servers, configure proxies, provision storage or manage updates. Veeam handles all of that, allowing IT teams to focus on backup policies and recovery procedures rather than infrastructure maintenance.

Express and Flex: Purpose-Built Solutions

At the heart of Veeam’s offering are two complementary technologies. Express, built on Microsoft’s Backup Storage API, functions as a disaster recovery solution designed for speed. It can restore data at rates between one and three terabytes per hour, leveraging what amounts to a Microsoft superhighway that bypasses normal throttling limitations. Currently, Express covers Outlook, OneDrive and SharePoint sites, with Teams support on the roadmap. The tradeoff for this speed is granularity. Express recovers entire mailboxes, entire drives or complete sites rather than individual items.

That’s where Flex comes in. Veeam’s traditional backup technology, Flex provides the flexibility its name suggests. Organizations can configure retention periods from days to centuries, recover individual emails or files and conduct granular searches across backup data. Flex also allows customers to choose their Azure storage region and provides a unique exit strategy. If an organization decides to leave Veeam, they can assume ownership of their Azure storage account and continue using Veeam’s free community edition explorers to access backup data for the entire retention period they’ve maintained.

This exit strategy sets Veeam apart in a market where many vendors effectively lock customers into their platforms. The ability to leave without losing access to historical backup data provides peace of mind that’s rare in the SaaS world.

Intelligent Recovery Options

The platform’s recovery capabilities reflect thoughtful design around real-world scenarios. For bulk disasters, the purpose-built recovery tool leverages Express to restore massive amounts of data quickly. For day-to-day operations, administrators can recover at various levels of granularity from entire mailboxes down to individual emails or files.

The system includes practical touches that acknowledge how people actually work. Background download options let administrators start a recovery late Friday afternoon and retrieve the results Monday morning without watching progress bars. Flexible targeting means recovering a departed employee’s mailbox into their replacement’s account or a manager’s mailbox for review. Advanced options control everything from version handling to sharing permissions, giving administrators fine-tuned control when they need it without cluttering the interface for simple operations.

Security and Governance Built In

Access to backup data requires more than just passwords. The platform mandates multifactor authentication for all users, including Veeam personnel. Every action creates auditable events, from browsing backup data to previewing emails. This granular auditing addresses a real concern: backup administrators can potentially access sensitive information, and organizations need visibility into who’s viewing what.

Role-based access controls allow organizations to create tiered access models. Help desk teams might access most backup data but not executive mailboxes. Self-service capabilities can let end users recover their own emails and OneDrive files without involving IT. Group-based role assignments make permission management scalable and maintainable. Changes take effect immediately, even for users already logged into the platform.

The SaaS Advantage

Perhaps the most underappreciated aspect of SaaS backup solutions is time savings. Traditional backup systems require ongoing maintenance: patching, updating, monitoring infrastructure and troubleshooting issues. These tasks consume hours that could be spent on strategic projects. With a SaaS platform handling infrastructure, updates and monitoring, administrators reclaim that time. The difference might not feel dramatic initially, but it compounds over months and years into capacity for new projects and process improvements.

One real-world example illustrates the stakes clearly. A SharePoint administrator needed to create a new site but had no available storage quota. They found the oldest SharePoint site, assumed the data was obsolete and deleted it from both the primary and secondary recycle bins using PowerShell. A week later, they discovered the site contained active client files. Without backup, the organization faced legal exposure that likely exceeded the cost of implementing a backup solution many times over.

Looking Forward

The modern workplace depends on cloud collaboration tools in ways that would have seemed impossible a decade ago. Email represents only about 28% of most employees’ workdays, with the rest spent in Teams, SharePoint, OneDrive and various other platforms. Protecting this distributed work environment requires solutions designed specifically for cloud services, not retrofitted from on-premises thinking.

As organizations continue migrating to cloud platforms, the shared responsibility model becomes increasingly important to understand and act upon. Microsoft will keep the lights on, but protecting the data that powers your business remains your responsibility. The question isn’t whether to implement backup for Microsoft 365. It’s whether you’ll implement it before you need it or after you’ve learned an expensive lesson about the true cost of data loss.