Microsoft describes in the article “Data Resiliency in Microsoft 365” which measures Microsoft implements to ensure the availability of applications and data within Microsoft 365.
The Microsoft article “Shared responsibility in the cloud“, sees the operation and management of the SaaS infrastructure at Microsoft. The important message of this article: the responsibility for data and information lies with the customer.
There can be use cases which are not secured by the Microsoft protection mechanisms used:
- Final deletion of data by users
- Incorrect retention policies
- Administration error
- Internal security threats (disgruntled employees, ..)
- External security threats (hacker attacks, ransomware, …)