Why back up Exchange/Office 365 mailboxes?

No one would doubt that business data is something that must be protected. When you run your business without any problems perhaps you do not think about the problems that may arise. This may lead to a false impression that nothing will ever happen that could disturb the balance of your business. However, can you honestly admit that you have done everything to protect your data? Would you be able to retrieve unexpectedly deleted items or submit requested data, at any time, when asked to do so, e.g. in case of any legal actions? Remember that your company is the only one responsible for ensuring backup copies of all data and archiving it for future reference. Fortunately, there are some native solutions that can help you protect your data, but still there might be some difficulties if you need to make a backup in the traditional sense of the word.

Go to section:

It is worth verifying whether your organization is obligated to maintain backup copies of electronic data to comply with legal requirements. Respecting the law will protect you and your company against unexpected and unwanted problems:
  • Avoid fines or pecuniary penalties for not retaining crucial business information that may be requested for legal actions or disputes involving your company.

  • There are different laws and restrictions that regulate access to important data – no matter whether the case concerns government agencies, companies or other organizations – you are obligated to respect those regulations. Take a quick look at the table below to learn about laws that may impose a legal obligation of data archiving on your business:

CountryType of documentWhat does it regulate?

usa flag 70px



(related to Electronically Stored Information - ESI)

A procedure that is adopted during pre-trial activities that allows parties taking part in a dispute to provide requested evidence in form of electronic records that may be relevant in the trial. In this case, all organizations should protect their crucial data and manage them in a secure way so that they can be identified and recovered at any time. 

usa flag 70px



Sarbanes-Oxley Act of 2002

As a result of big financial scandals, this act imposes the onus of controlling and maintaining important financial records on all organizations in the U.S. as well as on certain international non-U.S. companies. They are obligated to store important data that may be required as evidence of information included in financial reports. Not respecting this law results in severe pecuniary or criminal penalties.

usa flag 70px



Health Insurance Portability and Accountability Act

This law mandates, e.g. the continuity of health insurance or safety of electronic transactions that involve exchanging health information. Not following the restrictions of this act will result in penalties. Every organization that provides care services, along with their business partner, is responsible for respecting confidentiality and security of individuals’ health information. All data must be stored for at least 6 years.

usa flag 70px


SEC Rule 17a-3 and 17a-4

Securities and Exchange Commission Rule 17


These rules regulate the way broker-dealers must collect and maintain certain electronic records, e.g. customer account ledgers or business communications. A broker-dealer must ensure availability of records in question and store them for future reference. 


usa flag 70px



Freedom of Information Act

This law allows citizens to access information about their government. It means that federal agencies are obligated to make their records available for citizens, if requested. In this case, it is important to archive all data to respect this law.

usa flag 70px



Federal Information Security Management Act

This act helps to protect federal information systems by controlling the activity of agencies and departments with reference to ensuring high information security effectiveness. Federal agencies need to be prepared to provide any requested records to report their activity to the Department of Homeland Security.

uk flag 70px

United Kingdom

Companies Act of 1985 This document regulates the way companies are registered and managed. It also requires each company to keep and maintain records regarding their business transactions so that they can be reached at any time if required for inspection. To fulfill this requirement, a company needs to maintain backup copies of their data. 

canada flag 70 px



Personal Information Protection and Electronic Documents Act 
It regulates the way personal information may be collected, used or made public by companies or federal agencies. Thanks to this act, those organizations are obligated to provide individuals with the personal information kept in their records and correct them, if requested. To comply with this law, organizations in question need to archive personal data.

NOTE: Please keep in mind that this is not professional legal advice but only suggestions on how CodeTwo Backup can help you comply with the selected laws. For professional legal advice regarding the acts that apply in your country, please consult your lawyer.

Unexpected data damage or loss

The problematic situation may appear unpredictable when someone in your organization causes data loss or data corruption that may turn to be crucial for your business:
  • Sometimes it happens that an important email or contact is deleted unintentionally. This can cause unnecessary or unexpected problems. To avoid such situations, keep backup copies of all emails, contacts and calendar items saved in versions (if an item is changed, it is saved again as a next version of this item) so that even permanently deleted items can be restored from a local backup copy.

  • Some vital data can be deleted on purpose. Such a piece of information may turn out to be relevant for a trial or other legal actions.

  • Protect your company by preserving important electronic data so that your business can continue. Make sure that the contents of all employees’ mailboxes are backed up just in case of an unexpected disaster on the service provider’s side resulting in partial or total data loss. Hopefully, such a scenario will never happen but keep in mind that you are the only one responsible for safety of your electronic data.

  • Do not put all your eggs in one basket. Be precautionary and create backup copies of your mailboxes to have full control over important data. 

What can you do?

Fortunately, there are some solutions that will help you protect your important data and save yourself a lot of trouble. See what your options are:


First of all, you should take a look at what you can get natively. There are some solutions such as In-Place Hold or Litigation Hold, which allow for maintenance of mailbox data as long as mailboxes in question are put on hold. However, if for some reason you decide to switch it off or fail to switch it on, your data will be removed permanently when they reach a retention period. Additionally, this feature is not available by default for every Office 365 plan.
In case of malicious or unintentional deletion of items, deleted items are moved to the Recoverable Items folder where they are stored for a certain number of days. However, when this period expires, data is deleted permanently and cannot be recovered unless you are eligible for Litigation Hold or In-Place Hold, which allow you to extend that period.
You can also manage the backup process using a third-party tool such as CodeTwo Backup for Office 365 or CodeTwo Backup for Exchange. One of the main advantages of using these programs is that you have full control over important data and you have a physical access to locally stored backed up information. 

Benefits of using CodeTwo Backup


CodeTwo Backup for Office 365

Back up Office 365 and Exchange Online mailboxes to local drives


  • Keep backup copies of electronic data to respect the law
  • Get full direct access to copies of your mailbox data 
  • Reduce mailbox size and store obsolete data locally
  • Archive mailboxes of employees (also to PST files) who are no longer with your company
  • Restore single items (or its selected versions) to original or different Office 365 tenants
  • Set up automatic backup jobs so no item will be lost unnoticed
  • Trust in Office 365 data protection solutions, but be precautionary and create backup copies

CodeTwo Backup for Exchange

Incremental Exchange mailbox backup and granular restore


  • Keep Exchange mailbox data in granularly recoverable storages
  • Perform one-time backups or let the program create backup copies continuously
  • Make backups without affecting users' mailboxes performance 
  • Create backup copies of all Exchange folder types
  • Restore intact versions of items to replace damaged or deleted ones
  • Search for even single items using various search criteria
  • Archive your emails, contacts, calendar items or all mailboxes to ensure your business reliability


Why do I need a backup? - Infographic


For more information see also: