It’s an online service, so it’s inevitable that at some point you will experience a service error in Office 365. Nobody promised 100% uptime, did they?
Microsoft has spent a tremendous amount of time and resources to build up trust in the cloud. In fact, the best way to get a clear picture of the strides Microsoft has gone through to build confidence in the Office 365 platform you only need to browse through the many case studies, customer scenarios, and service-level agreements outlined in the Office 365 Trust Center. Microsoft touts a 99.99% uptime (or better), and a continuous compliance model.
Even so, there are two major types of Office 365 service errors: service outages and erroneous account suspensions.
Ok, to be fair – these are not “errors” but, more or less, activities within the scope of service operations that can impact data integrity. Service outages are pretty straightforward. Occasionally, some percentage of Office 365 customers will experience downtime to their services. If part of your Office 365 environment seems to be down, administrators can access their Office 365 Service Health Dashboard within the administration console, as Microsoft does not make this data public. These outages are generally brief, but in some cases an outage can last for hours, even days.
A much more common form of service error is the account suspension. Microsoft reserves the right to suspend or terminate, without notice, any Office 365 account at any time, per the Terms of Service. If Microsoft suspects one of your Office 365 users is violating its terms, it can shut down that user account indefinitely. The clause is there to ensure that Office 365 accounts aren’t used to support criminal activity or actions that could harm Microsoft’s systems – like running a spam operation off your Outlook account – but Microsoft has the authority to suspend first, ask questions later.
It’s in Microsoft’s best interest to preemptively lock up accounts for suspicious activity while it investigates threats. There are documented cases of this process. It can take days to unlock accounts, as the burden of proof is on you to convince Microsoft your account isn’t secretly harboring criminal data. Again, these instances are generally rare, but they are common enough that you need to prepare for them as part of your business continuity plan.
Why Microsoft can’t stop service errors
Microsoft isn’t trying to cause errors, but when you operate at Microsoft’s scale of close to 100 million (estimated) user accounts, even a miniscule error rate can result in dozens, hundreds, or thousands of wronged customers and gigabytes of misplaced data every day. Microsoft can’t protect you from yourself, and Microsoft can’t always protect you from itself, either.
What Microsoft service errors can cost you
The actual cost of Office 365 errors are, frankly, almost impossible to calculate because eventually, everyone gets their data back. The cost of data lost to Office 365 service errors is based on opportunities and productivity lost when your organization is denied access to your information. How do you put a dollar figure on not having access to your Office 365 inbox in the middle of a client negotiation, or the loss of an accounting spreadsheet in the midst of a tax audit?
How to defend against Office 365 service errors
Every user on your Office 365 environment should set up account recovery options, which allow you to list a mobile phone number and alternate email address, which Microsoft can contact to verify your identity. If Microsoft suspects your account has been hijacked, this is where it will send alerts and begin the process of returning control of your Office 365 account. Accounts that don’t have recovery options set up face much longer roads back from account suspension – those users should contact Office 365 support directly to reset access controls.
There is no administrative setting to defend against an Office 365 service outage. The only remedy for a lack of access to your Office 365 environment is a backup copy of your Office 365 data. With an adequate third-party backup tool, you should still refer to and act upon your business information – look up emails, download documents, check calendar schedules – even when Office 365 itself isn’t accessible (because you’ll be able to log-in to your separate backup tool).
For some additional guidance on how to protect your data inside of Office 365, I wrote two ebooks for online backup tool provider Datto, both of which are free: “Defending Your Office 365 Data: Five Threats That Microsoft Can’t Defend Against, But You Can” and “The Complete Guide to Office 365 Security.” Check them out!