Most backups fail the only test that counts
The test that matters is the restore, and it is the one almost nobody runs. Backups silently stop, retention does not match what compliance requires, and ransomware reaches the backup target because it was never isolated. You find out during the incident.
What's included
Workload inventory across Microsoft 365, file servers, VMs, SaaS apps, endpoints, and web hosting
RPO and RTO scoped per workload against business reality. We will not promise a recovery target the tool cannot deliver
Immutable, off-site targets: object-lock cloud storage, an isolated backup admin, a 3-2-1 baseline
A real validation schedule: daily mount checks, weekly file restores, monthly mailbox restores, quarterly full-system drills
What you receive
A backup design brief, a retention schedule, and a monthly health report covering jobs run, success rate, the last verified restore, and compliance status.
Where we stop
In scope: design, immutable target selection, and the restore-test plan. Out of scope: 24/7 backup monitoring, ransomware DR engagements, tape rotation, and on-prem appliance support. We will flag when one of those is the right next step.
Cloud backup FAQ
What makes a backup ransomware-aware?
Immutability and isolation. Object-lock on the cloud target means backups cannot be altered or deleted within the retention window, and the backup admin account is kept separate from your production tenant.
Do you back up Microsoft 365?
Yes. Microsoft 365 data is your responsibility, not Microsoft's, so M365 mailboxes, OneDrive, and SharePoint are part of the workload inventory.
How do we know the backup actually works?
Because we test the restore on a schedule and report the last verified restore every month. A backup you have never restored is just a hope.