Maybe Not Brain-Dead but Certainly Poor Thinking
Recently, the folks responsible for running the Microsoft Technical Community contacted me to say that someone was offended at a comment I made in a discussion about Office 365 backup. Apparently, the person didn’t like me saying (Figure 1):
“In this case, the backup product copies mail to PST files, which is just about the most brain-dead and stupid approach to backup of a cloud email solution known since the dawn of Office 365.”
The forum moderators removed the original note I replied to. It can be summarized as one of the almost Pavlovian responses from some working for ISVs who create backup software. As soon as a discussion starts in a forum about backup, they rush to talk about their product even when the product is wildly inappropriate.
In this case, the vendor representative advanced the case to use PSTs as a backup solution for Exchange Online mailboxes. I don’t regret calling this suggestion brain-dead and stupid because I honestly consider that anyone who thinks that backing up cloud-based mailboxes to personal files on workstations has lost their marbles.
Uses of PSTs
Despite all the flaws documented in PSTs over the years, these files continue to be used. Even Office 365 tolerates PSTs, but only for necessity when nothing else is available. PSTs can be used as an import source for mailboxes and to export the results of eDiscovery searches (typically for investigation and review by an external expert); aside from these uses, I can’t think of why I would even consider using a PST.
Using a PST for backup exports information from cloud mailboxes and creates potential compliance and retention issues for the company. The action could lead to loss of data to attackers, which is what happened to Sony in 2014. Users sometimes think that it’s a good idea to create their own personal mailbox archives in PSTs, but there’s really no reason to do this, especially with the large mailbox quotas available in Office 365 (the classic reason why people used PSTs was to remove old mail from their online mailbox).
Exchange Native Data Protection ensures that four copies of their mailbox exist in at least two Office 365 datacenters. An extra copy in a PST will only help if all those datacenters are offline. Even if this were to happen, the email in the PST might remain inaccessible if protected with sensitivity labels (which also make sure that people can’t take email with them to another employer).
No Room for Misleading Advocacy
To be fair to the ISVs who create PST-based backup solutions, a reasonable need existed for their products in the on-premises world at one time. Time and technology developments have passed them by and they’re struggling to maintain relevance in the cloud world. But that’s no reason to pollute discussion forums with wildly inappropriate advocacy for their products.
In saying this, I also note that some vendors of cloud backup products are guilty of the same tactics, especially those who represent backup for Exchange Online mailboxes as coverage for other parts of Office 365, notably Teams. Inaccurate and misleading assertions might lure the unwary into signing up for their products, but the reputation of the company and their software suffers overall.
No Perfect Office 365 Backup Solution
No perfect backup solution exists for Office 365. The interconnectivity of applications and lack of supported backup APIs for Office 365 workloads create a challenging environment for backup vendors. If you’re considering investing in a backup product, my advice is:
- Only consider cloud-based backup solutions.
- Understand what the standard features in Office 365 can do to identify where you need extra protection which can be provided by a backup product. Don’t accept what backup vendors say – test and verify their assertions yourself. I’m not saying that backup vendors deliberately misrepresent Office 365 functionality; some don’t seem to understand the technology as well as they should.
- Optional add-ons for Office 365 might be better solutions for some of the reasons often cited to justify backups. For instance, Privileged Access Management can mitigate the damage which a rogue administrator can inflict.
- Understand how backup products access information in Office 365 workloads to copy data to their repositories. Remember that the quantity of cloud data is often larger than is kept in on-premises deployments.
- Understand how the products deal with cloud-only applications like Teams, Yammer, and Planner and how they deal with protected (encrypted) items.
- Understand how restore operations work, including the restoration of complete Microsoft 365 Groups.
Equipped with answers to these questions, you’ll be able to make an informed choice if you need backups for your Office 365 tenant and if so, the best backup software to meet your needs.
And never ever consider using PSTs as a backup mechanism for Exchange Online mailboxes…