With GDPR on the horizon and many organisations rapidly moving to Office 365, Azure services, Skype for Business and SharePoint online it seems many are not 100% clear on the distinction of responsiblities between their organisation and Microsoft themselves.
The plain bare fact is that YOU and your organisation are responsible for your data. All of it. Not Microsoft, sure they provide the service and there are SLA’s associated with those services – but those SLA’s can still be met if even if all your data was maliciously or accidentally erased i.e. the service is still running (even though all your data is gone!).
Microsoft are not responsible for backup or restore of your data.
Again, you might say there is 30 days backup for Office365 and 14 days for SharePoint online – but this only provides a limited amount of protection against data loss. Believe it or not any restore requirements are on a best effort from Microsoft as oppsed to tied to a distinct SLA. As with all cloud services, functionality and features continually change and evolve, a good thing generally BUT when talking about backup/restore and data loss this uncertainty around continual change represents a significant risk to your critical data.
Granular restore of a specific document in SharePoint online? Forget it, it’s either the whole Site Collection (yes, everything!) or nothing.