Microsoft 365 Backup – Is Your Cloud Data Secure?


Is your data in Microsoft 365 as secure as you think it is? It depends. As Microsoft 365 Backup goes into preview, I look at the solution and whether you need a separate backup of your cloud data. Plus, changes to WSUS and new Windows Autopatch features hit general availability.


Is your data in Microsoft 365 as secure as you think it is? As Microsoft 365 backup goes into preview, I look at the new solution and whether you need to backup your cloud data. Plus, there are changes coming to Windows Server Update services and Windows Auto Patch new features reach general availability. Hello, my name is Russell Smith and I’m editorial director of Welcome to This Week in IT, where we talk about all the latest news for Microsoft 365 and Windows. You might remember from a few years ago, Tony Redmond famously debated John Hodges over at AvePoint about whether it’s really necessary to back up your data in Microsoft 365.

So, Microsoft were very quiet on all of this, but customers and third parties began really to step up to the challenge of what customers were saying, “We want to be able to backup our data in the cloud, whether Microsoft or other people think it’s necessary or not.” So third parties began to fill that gap. Even though there were no proper APIs for actually backing up data in the Microsoft 365 cloud, they managed to find various workarounds to bring that solution to end customers.

In fact, that was one of Tony’s points that because there are no actual APIs to do a proper backup, maybe this is something you shouldn’t actually be trying to do anyway. But then at the end of last year, as Microsoft started to launch its syntax brand of products in the cloud, which were really all about matching data and documents to their new set of AI features, backups started to become part of that. So they announced that they were initially releasing some limited APIs that would allow you to do some kind of backup, and that they were going to charge for those APIs.

Now, a couple of weeks ago at Microsoft Inspire, they announced Microsoft 365 Backup and Archive. And it’s the backup part of that that I want to talk about today. So finally, Microsoft is saying that we’re releasing a product, but not only that, third parties will be able to integrate with these new backup APIs into their own products to take advantage of all the latest technology that Microsoft is developing around cloud backup. So this feature is going into preview very soon, and out of the gate, it’s going to be able to back up SharePoint libraries, One Drives, and Exchange mailboxes.

If you saw the presentation that was made about Microsoft 365 Backup at Inspire, there are two things that really came across from this. So this product, they seem to be aiming at organizations that want to protect against client-side ransomware encryption. So what does that mean exactly? So that means that a piece of ransomware infects a physical local device, a user’s notebook or a PC, and encrypts the files on that drive. Well, you may think, well, what does that got to do with the cloud exactly? Well, if the user has synchronization set up, or if they have the Outlook client installed, then that encryption, those changes will get rolled into the copy of the files that live in the cloud, essentially. So, just because those files live in the cloud doesn’t mean that they’re necessarily protected from client-side malware. So that’s a problem for organizations that allow users to do that.

The other thing that came across in the presentation is that Microsoft were very keen to point out that, well, if you use our solution, then your data is staying within the secure, trusted world of Microsoft 365.(…) So they’re kind of saying, well, you could use a third party, you could potentially take the data outside of our cloud, but maybe that’s not what you really want to be doing. Now, of course, Microsoft wants to lock their customers into their solution as much as possible. So you have to really think, if you use these APIs,(…) then does that mean that you basically have to back up the data into Microsoft’s cloud? You can’t take it outside of the Microsoft 365 world. That could be potentially a disadvantage, of course. But nevertheless, those are the two things that Microsoft highlighted in their presentation. So a few things that we do know about this product is yet to go into preview.

So, until we get our hands on it, we don’t know all of the details, it looks pretty basic, but it’s gonna cover a lot of bases for many organizations that do decide they want to back up their data. So you can decide, you can set policies to decide what it is that you’re gonna back up, so you can pick specific mailboxes, specific OneDrive, specific SharePoint libraries, so you can manage the costs around storage. You can also choose what it is that you’re going to restore, so you can search for something in particular, or you can choose to restore your entire organization, or just your OneDrive, just your SharePoint libraries, or just your Exchange mailboxes.

When you run a restore, you have to configure those three different services separately, but the restore process can run in parallel, so you don’t have to wait for one to finish before you start another. And of course, that’s important to make sure you can get your data restored in a timely manner. This solution is also designed for partners, so if you’re servicing many different companies, there’ll be a single plane of glass where you can see all of the backup and restore operations for your customers, rather than having to log into every single tenant and manage this for them. In the presentation, Microsoft gave an example of an organization that has 10 petabytes of data, and they were able to enable this backup for that organization and backup everything within minutes. Now, whether this really means minutes, I suspect probably it means hours, but they just want to make the point about how fast this technology is, and they did keep making that point, so I guess that maybe some of the third-party solutions exist at the moment are maybe not so fast, because they’re not able to hook into these new APIs, at this stage at least, that of course will be available soon for them, but Microsoft are saying, “Well, you can back up huge amounts of data and make sure that happens really fast.”

Then they went on to say, well, let’s give an example of a malware situation where a piece of ransomware affects lots of devices on the network and encrypts, let’s say one petabyte of data, because there’s lots of synchronization configured, that data has been synchronized up into the cloud, but it’s now encrypted, so the organization can’t access it. So the first step, of course, is to make sure that you clear those devices of any malware and then to restore the data. So they showed an example where you were able to restore that data, the three different services, so OneDrive, SharePoint, and Exchange, all in parallel and all very quickly. So that’s the service in a nutshell. I’d be really keen to see this when we get our hands on it within the next few weeks or months. \

What do you think about it?

Do you already have a third-party solution for backing up data in the Microsoft 365 cloud? Or in your situation, do you think it’s unnecessary? So it really depends on your organization, how you’ve got things set up on your end clients, whether the risk of accidental deletion is quite large, how complex your organization is, and what other policies you have set up for retention, archiving, hold, all that kind of thing, as to whether really something like this is necessary. But it would be interesting to know what you think about it in the comments. Back in May, Microsoft announced some new features will come into Windows Auto Patch, and as of the 20th of July, they are now generally available. So just a quick reminder, Windows Auto Patch is a system for patching your end devices. So they need to be joined to Azure AD or hybrid joined. It works on Windows 10 and Windows 11, and it allows artificial intelligence to basically decide and control the updating process for your endpoints.

So, it takes the manual work out of things like Windows Update for Business, where you have to decide and make all of those decisions. So the new features that are now generally available include the ability to upgrade to Windows 11 from Windows 10. You can now divide your Auto Patch estate into groups. So you can assign different deployment rings, custom cadences, and the content that you want to update. And you can have a maximum of up to 50 groups.(…) There are now some new policy health alerts. So you’ll be alerted if any policies get changed, or there are any policies that should be there that are now missing. There’s some updates to reporting. So there are new report blades for feature and quality updates, and you can also drill down into the information that’s provided there. And you can also filter reports into eight distinct categories.

Some potentially not so great news, if you’re using Windows Server Update services, on-premises of course, the ability to import updates using the GUI is being taken away. Now, the reason this is happening is because it relies on ActiveX controls, those things that were part of Internet Explorer that have now been deprecated and are no longer supported. So instead of updating the GUI and allowing you to do that a different way that doesn’t involve ActiveX, Microsoft is saying, now you’re going to need to do this with a PowerShell script. So you can head over to the, I’ll link the page in the description below, you can head over to the page that gives you all the details of how you do that. Of course, Microsoft is saying, well, this is a better way to do things now. You’re gonna do it all with PowerShell. Well, you know, I’m not sure that doing things with a script is always a better way to do things. But anyway, you can automate this now with PowerShell, but just bear in mind, if that’s something you do on a regular basis, you’ll no longer be able to do it through the GUI.

The Microsoft 365 Message Center update MC649917. So this is the most interesting update, I think, from the past week. So now you’re going to be able to preview stream videos in line in Teams chats and channels. So rather than having to click on a link and view the video in a separate window, you can view it without ever leaving that chat or channel. So a couple of updates for Windows Insiders this week. Windows Central is reporting that there’s a hidden feature in one of the current updates, I don’t remember the dev or the beta channel, I think the dev channel, that will allow file previews on the Windows 11 start menu. Now they’re claiming this is gonna be a game changer for the Windows 11 start menu for the people who don’t like it.(…) To be honest,(…) maybe if this feature ever sees the light of day, yeah, I think it’s probably a welcome improvement, but if you don’t like the Windows start menu, then I still think you’re not gonna like the Windows 11 start menu, this is gonna make a huge amount of difference.

The problem I have with these previews in Edge, in Windows,(…) is that they’re never big enough, I can never quite see what’s there. If you go to Alt-Tab or something like that, or Windows-Tab, and you’ve got a whole load of windows open, quite often the previews are just too small for me to really discern what it is that’s actually there. I kind of have to get closer to the monitor to really understand what it is. That’s a bit of a problem for me, but anyway, that’s happening probably for the start menu in an upcoming version of Windows, so maybe the 23H2 version that we’ll see released in the fall, we’ll see. So also in a recent update, the modern file explorer, which has been rebuilt on Windows SDK, is now available for everyone, and there are some minor changes coming to virtual desktops which should help them easier to navigate. So when you’re changing between desktops, you should now see the name of the desktop in that sliding animation. And apparently this feature is rolling out to insiders in waves.

And one cute little story, I know probably I’m a big fan of Microsoft Edge, but the Microsoft Edge Twitter account, or should I call it X account, this week has been taken over by a cute little hedgehog. So check out the Microsoft Edge X and they’ve got some cute little videos over there, which maybe persuades you to check out Edge one more time, just in case you’d forgotten about it. If you found this video useful, I’d really appreciate if you gave it a like. If you’d like to see more of these updates, then please do subscribe to the channel and hit the bell notification. I’m gonna leave you with a video on the screen now that you might also find useful, but that’s it from me this week and I’ll see you next time.