Configurable recovery window for Microsoft 365 Backup
🚨 The Signal: Microsoft 365 Backup now allows administrators to set data recovery windows from 3 months to 2 years, up from a fixed 1 year. This provides greater flexibility for data retention and compliance, impacting backup lifecycle management.
The Impact
Microsoft 365 administrators are affected, gaining more granular control over backup retention, which can reduce data exposure risk if configured correctly.
- Admins: Can now define backup recovery windows, impacting data retention and compliance.
- Security Team: Needs to review and update backup policies to align with organizational data protection standards.
- Compliance Officers: Can enforce more precise data retention periods, reducing compliance risk.
- Data Owners: Benefit from tailored backup retention, ensuring data is available for required periods.
The Action
- Review existing data retention policies and compliance requirements for Microsoft 365 data.
- Access Microsoft 365 admin center to configure new or modify existing backup policies.
- For new policies, set the recovery window between 3 months and 2 years during creation.
- For existing policies, edit the policy to adjust the recovery window as needed, understanding data outside the new window will be permanently deleted after a grace period.
- Document updated backup policies and communicate changes to relevant stakeholders.
Impact: medium · Workload: Microsoft Purview · Essential Eight: Regular Backups · ISM: ISM-1511, ISM-1515, ISM-1705, ISM-1706, ISM-1707, ISM-1708, ISM-1810, ISM-1811, ISM-1812, ISM-1813, ISM-1814