Skip links

Implementing Backup Recovery Point Objectives and Recovery Time Objectives in Microsoft 365

You probably know about Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs), but may not be sure of how to implement them effectively for your Microsoft 365 instance. In this mini-guide, we give you some actionable pointers for implementing RPOs and RTOs in Microsoft 365.


What are RPOs and RTOs and why do they matter?

RPOs and RTOs are important for your business continuity and disaster recovery efforts because they have a strong direct influence on the swiftness and completeness of a backup recovery whenever the time comes to conduct one:

Recovery Point Objective (RPO) refers to the maximum age of files that must be recovered from backup storage for normal operations to resume after a disaster. In simpler terms, it answers the question, “How much data can we afford to lose?”. RPO is measured in time – from minutes to hours or even days. For instance, an RPO of 4 hours means your system backups need to occur at least every 4 hours to meet your organisation’s data loss tolerance.

Recovery Time Objective (RTO), on the other hand, is the maximum amount of time allowed to recover the lost data and restore system functionality to its pre-disaster state. RTO addresses the question, “How quickly do we need to recover?”. Like RPO, RTO is also measured in time and reflects the urgency of recovery efforts to ensure business continuity. An RTO of 1 hour demands a rapid response to restore operations within that timeframe after an incident.


The Importance of RPOs and RTOs in Microsoft 365

There is a very good chance that the native backup tools offered within Microsoft 365 will not be enough to comprehensively recover all of your data while they do offer some level of in-built data protection and redundancy measures, they may not meet all of your data protection needs across aspects such as data retention, regulatory compliance, and your RTOs and RPOs.

With this in mind, you need to follow a step-by-step process for ensuring that all of your key data can be reliably recovered in alignment with your RTOs and RPOs.

Here’s a simple platform-agonistic guide for Microsoft 365 backup.


How to Implement RPOs and RTOs for Microsoft 365 Backup

Microsoft 365 encompasses a wide range of services, including Exchange Online, SharePoint Online, and OneDrive for Business, Teams, and more, each with their own data protection considerations. Here’s how to approach RPO and RTO for Microsoft 365:

Step 1: Understand Microsoft 365’s Data Protection and Backup Capabilities

Microsoft offers backup capabilities for deleted Exchange Online data, SharePoint, and OneDrive currently.

For Exchange, deleted item recovery is possible within 30-days by default. While the default recycling bin retention period for SharePoint and Onedrive is 93 days. Microsoft-owned backups of your data are kept for just 14 days.

The retention periods for Exchange, SharePoint, and OneDrive can be edited by an administrator, while specifically for SharePoint and OneDrive, version control retention settings can also be edited.

Note: Microsoft’s timeframe for restoring content is in 48 hours, which will likely prove to be too long of a timeframe, along with any losses of data since previous backup instances.



We Make Full Microsoft 365 Backups Easy: Get Started Today

Book a demo with EO Backup today to see our easy-to-use and highly configurable Microsoft 365 backup service in action. Ensure your MS365 data is not inadvertently compromised. See how to get started in minutes with our pay-as-you go platform that lets you seamlessly backup and recover your Microsoft 365 data with ease.



Step 2: Assess Your MS365 Data and Identify Critical Backup Assets

Undertake an inventory of your data that you’d like to backup across your MS365 platform, including emails, documents, and collaboration data in Teams (the latter not being available natively). Then determine the criticality of each data type to your business and how this would influence segmented RPOs and RTOs for each.

Consider too, how granular your data backup and recovery needs are. For example, if your SharePoint files are organised using classification metadata, a backup solution that can restore these details will be key.

Step 3: Define Your RPOs and RTOs

Based on your assessment of the criticality of these data types, set specific RPOs and RTOs for each type of data or service within Microsoft 365. These will then serve as helpful benchmarks for finding and choosing the right Microsoft 365 backup solution.

Step 4: Evaluate Third-Party Backup Solutions

Look for backup solutions that specifically support Microsoft 365 that will be able to meet your RPOs and RTOs. Additionally, consider other key aspects such as ensuring your backup data meets data sovereignty and cyber security requirements from regulators. Will the platform be able to meet future needs?

Once you find the right solution for you, you can begin implementing it!

Step 5: Implement Backup Solutions

Now you can bring your backup strategy and recovery objectives to life. Set up the Microsoft data backup and recovery solution according to your needs and goals, testing backup and recovery processes to ensure they work as intended.

Step 6: Monitor and Review

Backup and recovery are best not done as a ‘set it and forget it’ thing. Instead, take care to monitor backup processes for failures and issues, undertake regular reviews, including backup report data, and ensure your backup strategy evolves with your business and the wider cyber and regulatory landscape.


Because Microsoft 365 is a cornerstone for your operations, having fail-proof RTOs and RPOs is a critical piece for your business continuity. By carefully setting up these objectives for your Microsoft 365 backups, you can ensure that no matter the weather, you will be able to get back on the road swiftly and securely.


EO Backup: Backup Your Salesforce Data and Metadata in Clicks with our Veeam-Powered Platform

We offer a comprehensive, highly configurable, and easy-to-use Salesforce backup service powered by Veeam, the world’s #1 provider of cloud backup and recovery platforms. Going from signup to a running backup in under 10 minutes is easy to do. You can get started here.

We’re one of a trusted handful of Veeam-certified cloud partners in the UK, providing backups for SMEs and corporate clients for over 22 years. Our backup service is hosted within the UK in AWS UK data centres, ensuring maximum convenience and security for your business while keeping your backup data compliant with data sovereignty requirements.