Microsoft 365: Long-term retention period for M365 Backup

🚨 The Signal: Microsoft 365 Backup now supports long-term retention beyond one year. This enhances data resilience and recovery capabilities, crucial for compliance and business continuity, especially for sensitive data requiring extended archival periods.

The Impact

Security teams and compliance officers are affected by enhanced data recovery options, reducing risk of data loss over extended periods.

• Security Teams: Reduced risk of data loss for long-term recovery scenarios.
• Compliance Officers: Improved ability to meet regulatory data retention requirements.
• Data Owners: Enhanced assurance of data availability beyond one year.
• Incident Response Teams: Greater scope for data recovery in historical breaches.

The Action

1. Review existing data retention policies and identify workloads requiring long-term backup.
2. Navigate to Microsoft 365 admin center > Settings > Org settings > Microsoft 365 Backup.
3. Configure new backup policies or modify existing ones to specify retention periods beyond one year for relevant data.
4. Validate backup configurations and test recovery procedures for long-term retained data.

Impact: medium · Workload: Microsoft Purview · Essential Eight: Regular Backups · ISM: ISM-1511, ISM-1515, ISM-1705, ISM-1706, ISM-1707, ISM-1708, ISM-1810, ISM-1811, ISM-1812, ISM-1813, ISM-1814