
E-book: How to protect your data in Microsoft 365 against ransomware
I admit it. I have accepted the Terms of Service for dozens, possibly hundreds, of online services without actually reading them. And, unless you’re a very unusual type of person, so have you.
So how about Microsoft 365? Did you read those Terms of Service? If not, you might be one of a large number of subscribers who are making some incorrect — and potentially very costly — assumptions about the security of the data you have stored in your Microsoft 365 environment.
Get informed and reduce your risk
What do you think will happen if your business-critical data in Microsoft 365 is accidentally deleted, or corrupted, or encrypted by a ransomware attack?
It’s a useful scenario to imagine. Many people apparently picture it going something like this:
Me: Hello, Microsoft customer support? Yes, some critical files in my Microsoft 365 account were encrypted by ransomware. Can you help me recover them?
Microsoft: Why, yes I can, sir! Naturally we keep all our customers’ data backed up and retained! I’ll just send you a link that will let you access those backup files, and all you have to do is search through them for the files you need to restore. Before the end of the day, you’ll be back in business as though nothing ever happened.
Me: Thank you very much and have a wonderful day!
What a delightful exchange, right? Unfortunately, here’s a more plausible version of that conversation:
Me: Hello, Microsoft customer support? Yes, some critical files in my Microsoft 365 account were encrypted by ransomware. Can you help me recover them?
Microsoft: Well, sir, that depends. Deleted files in SharePoint Online are retained for 93 days after deletion in the SharePoint Recycle Bin. But if the files were deleted from OneDrive, those are only retained for 30 days by default in the OneDrive Recycle Bin.
And if they were corrupted or encrypted before being deleted, then the retained files are also very likely to be corrupted of encrypted, so that won’t do you much good. It’s very unlikely that we’ll be able to help you roll back to an earlier version of any files. And in most cases we won’t be able to restore those files at a granular level.
Me: What? Wait, aren’t you obligated to back up all my data and hold onto it just in case of a situation like this?
Microsoft: Actually, no. As is clearly explained in the Terms of Service that you agreed to, data protection is your responsibility, and we specifically recommend the use of a third-party backup solution to do that, such as the excellent Barracuda Cloud-to-Cloud Backup. You did read the Terms of Service before agreeing, right?
Me: Um… Yeeeess… Uh, listen I have to go now. Thanks, I guess.
[Disclaimer: The above is an imaginary conversation. Microsoft’s data-retention policies change frequently, and the above may not accurately reflect current policies. Also, Microsoft support representatives almost certainly do not engage in the kind of passive-aggressive attitude suggested in the above. And they definitely never specifically recommend a particular backup solution — not even the extraordinarily capable, secure, and easy-to-use Barracuda Cloud-to-Cloud Backup.]
There’s an e-book!
I hope I’ve at least piqued your interest in why your data in Microsoft 365 may be at risk, and how to effectively protect it from ransomware and other threats.
Get all the details by downloading our information-packed e-book “The Risk of Ransomware to Microsoft 365 Data: A Case for Backup.” Get it and find out:
- Why Microsoft 365 accounts are popular targets for cyberattacks
- Which strategies and tactics cyber crooks are using to penetrate your defenses
- Why native data-retention policies in Microsoft 365 are inadequate as a backup strategy
- Who’s liable for lost data in Microsoft 365 (you) — and who’s not (Microsoft)
Don’t take chances with your business-critical data in the cloud. Dive into this e-book and get the info you need to minimize risks.

The Ransomware Insights Report 2025
Key findings about the experience and impact of ransomware on organizations worldwide
Subscribe to the Barracuda Blog.
Sign up to receive threat spotlights, industry commentary, and more.

Managed Vulnerability Security: Faster remediation, fewer risks, easier compliance
See how easy it can be to find the vulnerabilities cybercriminals want to exploit