Teams is the Most Difficult Office 365 Application to Backup

Contemplating Teams Backup

Updated: September 16, 2021

I’m bemused by the solutions people proposed when asked about Teams backup. It’s reasonable to consider backing up any IT service and given the recent growth in Teams usage I have seen several requests from people looking to understand what they can do to secure Teams data. The reasons why you might want to backup a cloud service include:

  • Securing critical data against loss caused by an external attack (including ransomware and other malware).
  • Stopping rogue administrators removing or altering information.
  • Moving copies of data to external repositories to ensure people can work if the cloud service is unavailable for an extended period.

These are classic reasons long cited in the on-premises world. However, in the cloud, things are different because you typically don’t have the same level of access to data that you enjoy on-premises.

No Backups in Office 365

Apart from SharePoint Online, Microsoft doesn’t backup Office 365 services. Microsoft relies on its technology (like native data protection for Exchange Online) to protect data, so if you want a backup, you must use a third-party service. There are many services available and generally there are no problems backing up or restoring mailbox and document data. Backup products for Exchange Online and SharePoint Online have roots in on-premises technology and the methods to move data in and out of mailboxes and sites are well understood. APIs, albeit never designed for cloud backups, are available, and everything works. Well, everything works until sensitivity labels and encrypted content are introduced into the mix, but that’s another discussion.

Teams is a Cloud App

Teams is a different matter. Unlike Exchange and SharePoint, Teams is a product of the cloud. It does not exist on-premises and no one ever developed backup interfaces for Teams. But more importantly, Teams is built on top of multiple Office 365 and Azure services. The data in these services is interconnected and dependent. Restoring a mailbox is simple compared to the reconstruction of a team, complete with all its channels, tabs, conversations, meetings, and so on.

Claims of Backup Vendors

Some backup vendors claim their products cover Teams. Most ISVs base their claim to cover Teams on copying the Teams compliance records stored in group and personal mailboxes in Exchange Online. Although it is possible to copy Teams compliance records like any other Exchange mailbox data, this is not a backup. It doesn’t even come close for two reasons:

  1. Teams compliance records are designed to capture communications for eDiscovery and compliance use. They are not the actual data and the compliance records are not true copies of the original because they lack certain elements of Teams messages, such as reactions.
  2. No API exists to restore Teams compliance messages into a Teams channel conversation or personal chat. You could read the compliance records and use Graph API calls to write new messages into channel conversations and chats, but this is not a true restore because the newly-written items would be dated differently to the original and lack all the data not copied to compliance records.

Any backup vendor who insists that they deliver Teams coverage through Exchange Online exhibits a woeful ignorance of Teams technology. If a vendor doesn’t understand the strengths and weaknesses of their product, you shouldn’t use them.

The second (less common) approach is to use the beta Teams migration API to backup Teams data. I covered how BitTitan uses the API for cross-tenant migration in a Petri.com article in August 2019 (AvePoint and Quadrotech use the same API for their tenant to tenant migration products). Not much has happened since to develop the API since and the same problems exist. One glaring issue is the inability to handle Teams personal chats.

The commentary about Teams found on vendor sites often lacks technical depth and understanding, such as the discussion from which I took Figure 1. I’m not sure if the various vendors cited agree on the assessment of their capabilities! To be fair to the author and the vendors, capabilities change over time and it’s wise to check what the current status is when discussing the problem of backing up Teams with ISVs.

Backup analysis for Teams (source: afi.ai)
Figure 1: Backup analysis for Teams (source: afi.ai)

Failure to Deal with Full Scope of Teams

Both approaches fail to take the wide spectrum of Teams interconnected data into account. Backing up one piece of information secures that data, but that data might be useless if other connected data is not copied and available.

Table 1 lists some of the connected data used by Teams. It’s not a definitive list and other data might be needed (like OneNote) to create a comprehensive backup of Teams in an Office 365 tenant. The purpose of the list is to illustrate the wide array of user and system data consumed by Teams. If you want to backup Teams, you need to understand what data is used with Teams in your tenant. Once you know that, you can figure out how to solve the backup problem.

Teams dataLocationBackup Situation
Personal and group chat messagesAzure CosmosDB.No backup API available. The Microsoft 365 substrate captures imperfect copies of personal chats and stores them as mail items in the mailboxes of chat participants. See note about compliance records below.
Channel conversationsAzure CosmosDB.No backup API available. The Microsoft 365 substrate captures imperfect copies of channel conversations and stores them as mail items in the group mailboxes of the team owning the channel. See note about compliance records below.
GIFs used in Teams messages.Teams CDN.No backup API available.
Documents shared in personal and group chatsOneDrive for Business.Backed up with OneDrive for Business.
Documents shared in Teams channels (Files).Document libraries and folders in SharePoint Online sitesBacked up with SharePoint Online.
Private channelsSeparate set of SharePoint Online sites.Backed up with SharePoint Online (if the backup product processes these sites)
Email sent to Teams channels via connector.Azure CosmosDB and SharePoint Online,Backed up with SharePoint Online (messages posted to channels are not backed up).
Messages posted to channels via Office connectors.Azure CosmosDB.No backup API available.
Teams calendar.User and group mailboxes (Exchange Online)Backed up with Exchange Online data. Personal meetings are in the calendar folder of user mailboxes while channel meetings are in the group calendar of the team owning the channel.
Teams meeting recordingsStream/OneDriveNo Stream backup API available. Recordings of meetings stored in OneDrive for Business and SharePoint can be backed up along with other OneDrive and SharePoint data.
Teams meeting insightsExchange OnlineThe attendance reports for meetings, registration reports for Teams webinars, and meeting transcripts are stored in Exchange Online mailboxes of meeting organizers. These artefacts can be backed up along with other Exchange Online data if the backup fetches the data from their locations in folders in the non-IPM part of the mailbox. The information stored in OneDrive for Business to allow spoken text and webinar details to be searched might be backed up along with other OneDrive information but restoring the data to the right place might be problematic.
Teams WikiSharePoint Online.Should be backed up with other SharePoint data.
Teams compliance recordsExchange Online mailboxesBacked up with contents of Exchange Online user and group mailboxes (if the backup product processes the TeamsMessageData folder in the non-IPM part of the mailboxes). Note that these are imperfect copies of Teams messages which remain in Azure Cosmos DB. The Microsoft 365 substrate captures compliance records for all Teams messages, including those sent by guest and hybrid users, and messages from external (federated) chats. The substrate uses cloud-only mailboxes to hold compliance records for guest, hybrid, and federated messages.
PlannerAzureNo Planner backup API available.
Teams audit data.Office 365 audit log.Can be extracted with the Search-UnifiedAuditLog cmdlet (PowerShell).
First party apps like Approvals, Viva Insights, etc.Various Depends on the repository (like Dataverse). Not obviously accessible to backup products.
Third-party apps.Teams app store and third-party repositories.Responsibility of third-party apps.
Teams membership and group object.Azure Active Directory.Can be backed up by reading information from Azure AD (membership of Teams private channels is not in Azure AD).
Teams policies and settings.Azure.Some data can be backed up by reading policies and settings with PowerShell and saving the configuration settings in a file accessible for backup.
Teams usage data.Microsoft Graph.Can be read from the Teams Reports Graph API, but needs to be saved in a form accessible to backups.
Whiteboard used in meetingsMicrosoft Whiteboard service.No backup API available. This issue might be addressed when Microsoft moves the storage of whiteboard content to OneDrive for Business in October 2021 (MC253185).
Table 1: Teams Data is Spread across Microsoft 365 Services

In some cases, a workaround might compensate for the lack of a backup API. For instance, you could download every video from Stream and copy the video to a backup site. You could use the Graph API to copy Plans, and so on.

The problem with workarounds is that they often lack automation and the ability to scale. How many videos does a tenant store in Stream? How many are generated daily? How many plans are created and how many tasks are added, changed, or removed daily? And whiteboards?

Restore an Even Bigger Issue

Backup vendors want to sell products. Their access to your data is limited by the available APIs, so no great mystery exists as to why a comprehensive backup for Teams is so difficult to achieve. And once you have some backup data, consider that restoring Teams is even more problematic.


For more information about Office 365 backups, read Chapter 4 of the Office 365 for IT Pros eBook. Our approach can be summarized as “understand what you need to backup and why before you commit to an external backup service.”

20 Replies to “Teams is the Most Difficult Office 365 Application to Backup”

  1. Well, this is sobering! Thanks for the detailed information on the locations of Teams data. I agree with the implication that no vendor is likely to achieve comprehensive backup and restore capability for the whole universe of Teams data. And my impression from reading this is that, however unlikely data loss due to system failures is, Microsoft also currently lacks the ability to restore Teams in a licensee’s tenant.

    Shouldn’t this be a bigger concern, both among users and by Microsoft, than it seems to be?

    1. I can’t comment on the tools available to Microsoft as they might have internal utilities that can be used to effect a restore. What I can say is that no public API is available to customers to backup or restore Teams data.

  2. Hi Tony,

    thanks for the detailed information about this problem.
    Has the situation changed? Is there any product that is capable of doing a full backup atm?
    Thanks,

    1. Of Teams? No. The problem is down to APIs. Unless and until Microsoft delivers an API to allow backup vendors access to chats and channel messages stored in the Teams data store in Azure, a full backup of Teams is not possible.

  3. It goes without saying you should interrogate the sales process to ensure that your technical requirements are covered. If you need to protect a particular element of Teams then surely you ask if that particular element can be protected using the available APIs. If it’s not, and the APIs aren’t available, then all products are in the same boat. In most cases Teams is protected via the component parts, e.g. Exchange Online, OneDrive and SharePoint Online.

    1. Sorry Edgar, but you’re dead wrong. Teams is not protected by Exchange Online, by which I assume you mean Teams messages. There is no API to backup Teams personal chats or channel conversations. You can copy the compliance items created in Exchange Online, but that’s not a backup, no matter how much backup vendors attempt to make the case that it is.

  4. I agree with Tony, I think first what you need to do is try to utilise Microsoft 365 native capabilities, such as retention, policies, etc before consider backup and chcek the ROI what you get out from backup.
    Also, Teams recordings will moves to SharePoint Online and OneDrive as follows.
    Rolling out starting March 1, 2021 Enterprise & GCC customers
    No new meeting recordings can be saved to Microsoft Stream (Classic); all customers will automatically have meeting recordings saved to OneDrive for Business and SharePoint even if they’ve changed their Teams meeting policies to Stream.

  5. Hi,
    We use Acronis 365 Cyber Backup and are very satisfied. We backup user mailboxes and Onedrive, Sharepoint and Teams. I can recommend the product to you.

    1. have you checked restores of Teams data? What can be restored?

      Does the product cover all the categories of Teams data I mention in the post?

  6. I’m a happy customer of Veeam for Microsoft o365. for Mailboxes and MS Teams including Private Channels. With private channels, you might face some challenges to get the url, but with Get-SpoSite -Filter {Url -like “https://tenantName.OnMicrosoft.com/sites/TeamName*”} will give a result of a private channels/URLs.

    Then use the private URLs .csv/.txt file and loop it through Veeam Set-VBOBackupItems -Job “ExisitingBackupJobName” $_.Urls

    1. I don’t have any problem with the ability of backup vendors to process SharePoint data, which is what you’re referring to. The issues are much more with Teams messages and other associated data.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.