O365 does not provide a way for Exchange Online customers to take backups. This means that if an employee accidentally provides a malicious user with access to their account, ransomware can infect their O365 email. Only a recent backup would be able to restore the content to a safe state.
This is a major challenge for organizations. While Office 365 makes it possible, for a length of time, to recover individual messages that have been deleted from a mailbox, or to restore an accidentally deleted mailbox to its state at the time of deletion, recovery from a backup to a given point in time is not possible. Here is Microsoft's official position:
"Point in time restoration of mailbox items is out of scope for the Exchange Online service. However, Exchange Online offers great retention and recovery support for your organization's email infrastructure, and your mailbox data is available when you need it, no matter what happens."
Microsoft again notes that they provide service availability and always ensure that you can access your mailbox and the single copy of your current data, but they do not back up the data itself. This has some very grave implications, especially if ransomware encrypts a user's Exchange Online mailbox. In the video below, security expert Kevin Mitnick uses tools available on the net today to easily encrypt an Office 365 mailbox in a simulated ransomware attack.
As you can see, the process is quick and seamless, and the hack looks somewhat harmless to the novice user. The mailbox is encrypted, and the only way to get it back without paying the ransom is to restore it to a previous point in time. This is a great example of why third-party backup solutions like 365 Total Backup (formerly Altaro Office 365 Backup), which is also available for managed service providers (MSPs), are critical for organizations of all sizes.
Keep in mind that this applies not just to O365 mailboxes and other email-related items, but also to Teams chats and files stored in OneDrive and SharePoint – core repositories that hold precious company data.
Another scenario that O365's native tools cannot help with is deliberate deletion. What if a bad actor gained access to your Office 365 admin portal and quickly ran a script deleting everything? With the various tools provided by Microsoft, recovering in this situation would be very difficult and time-consuming. A third-party backup application that uses a centralized management console would help immensely in this situation. This will save your data and your organization valuable hours of recovery time.