Defending Against User Error in Office 365

Office 365 is the fastest-growing platform Microsoft has ever released, with a powerful set of collaboration features for individuals and teams. While there are many benefits, there are also risks associated with any SaaS product. First and foremost is user error. We’ve all been there, done that. Think of user error as the “deadly oops” – a simple, honest mistake with disastrous consequences. According to a 2013 Aberdeen report, “SaaS Data Loss: The Problem You Didn’t Know You Had,” one third of SaaS users reported losing their data from an application like Office 365.

User error falls into two general types: accidentally deleting information, or intentionally deleting data only to need it later.

In the first case, it could simply be a matter of deleting an Outlook message when you thought you archived it. (Many organizations retain their deleted messages for 30 days, but by default Office 365 retains these emails indefinitely – unless otherwise determined by an administrator.) The same holds true for SharePoint and OneDrive for Business documents. Calendar events and Contacts entries, however, have no trash folder from which you can rescue mistakenly deleted data. A simple slip of the mouse or misunderstanding of how Office 365 works could lead to a major loss of business data. In fact, the creation of the trash bin inside of SharePoint is the result of internal (Microsoft IT and employees) feedback (circa 2006/2007) that SharePoint was too quick to delete content, with no easy way for end users or site admins to go in and rescue content from the UI.

In the second case, you or a colleague could erase a document or message you were certain was no longer necessary only to later find that data is vital, but cannot be restored. This happens often when projects end or employees depart; shared data gets deleted because the owner is done with it, never suspecting that someone else in the organization still has a need for the information. Occasionally, that “someone else” is very scary and very important, like the IRS or an industry regulator. These groups don’t tend to accept the “Microsoft ate my homework” excuse.

Unfortunately, Microsoft can’t stop every user error – they can’t protect you from yourself. You told Office 365 to delete data, and the platform did what you asked. To abuse an analogy, even the safest car on the road will suffer damage if you absentmindedly drive it into a wall.

What user error can cost you

Most of the time, an accidental deletion involves a single item. Research conducted by cloud backup experts Datto found that the average email is worth about $2.11 and the average document is worth about $217.20, based on the time and money needed to recreate the lost data. The average user deletes a critical item roughly three to four times per year. That means in any given year, you could lose as little as $6 to well over $800 for every user on your domain.

How to defend against user error

A “no deletion” information policy is the best place to start in defending against user error, as it should answer the “should I purge this or keep it?” question every user is supposed to ask before clicking the delete button. Office 365 makes it easy by keeping items in the Deleted Items folder indefinitely. Unfortunately, not every user bothers to ask that question before gunning zealously for an empty inbox or emptying their Deleted Items folder. But at least from an administration standpoint, Office 365 does not automatically delete (unless you tell it to).

Regularly scheduled backups of your Office 365 data are your safest protection against user error. The best way to keep your data out of harm’s way is to keep a copy of it where it can’t ever be deleted. Of course, it is important to include data standards and best practices as part of your regular employee training – especially as part of your new employee onboarding – so that everyone is aware of how the system works and what the company expects as far as data handling and deletion policies around sensitive data.

Microsoft is very good at avoiding their own errors. And chances are, they won’t lose your data. But there are some situations where Microsoft can’t help, and it’s up to you to be proactive.

For some additional guidance on how to protect your data inside of Office 365, check out my free ebook from Datto, “Defending Your Office 365 Data: Five Threats That Microsoft Can’t Defend Against, But You Can.”

Christian Buckley

Christian is a Microsoft Regional Director and Office Servers and Services MVP, the Founder & CEO of CollabTalk LLC, an independent research and technical marketing services firm based in Salt Lake City, Utah, and CMO of, a blockchain-based video technology company.